Overview

overview

10

Static

static

c1d31fa748...99.exe

windows7_x64

10

c1d31fa748...99.exe

windows10_x64

10

Analysis

  • max time kernel
    116s
  • max time network
    113s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    29/11/2020, 15:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c1d31fa7484170247564e89c97cc325d1f317fb8c8efe50e4d126c7881adf499.exe

  • Size

    259KB

  • MD5

    1f4928730be377f7affb80c3f5305883

  • SHA1

    50b760064a237f123f0f06a846b78cf58713cad1

  • SHA256

    c1d31fa7484170247564e89c97cc325d1f317fb8c8efe50e4d126c7881adf499

  • SHA512

    58ecec71935ab0c490d1011da04aba3d694443b67c576421e6a9e4dc615a5f43b6ee84e2d9a3a48c2895fe28b94955604c2080de290b13ecc086127e5f4dfa54

Score
10/10
systembctrojan

Malware Config

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c1d31fa7484170247564e89c97cc325d1f317fb8c8efe50e4d126c7881adf499.exe
    "C:\Users\Admin\AppData\Local\Temp\c1d31fa7484170247564e89c97cc325d1f317fb8c8efe50e4d126c7881adf499.exe"
    1⤵
    • Drops file in Windows directory
    PID:748
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {F8305F25-EF87-4C8F-BB11-47EA250FEF4D} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1224
    • C:\ProgramData\rghi\chtugc.exe
      C:\ProgramData\rghi\chtugc.exe start
      2⤵
      • Executes dropped EXE
      PID:1504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads