systembc | 36a101b5a13436dd67e2b33c2abbae7cdd86a7ed951185a1914c12685339ad74

Analysis

Target

c96012bf82cc15058dd53887b068bbd8.exe
Size

267KB
MD5

c96012bf82cc15058dd53887b068bbd8
SHA1

3502862e8ef4edd8ff5a427849d8c9f38e45160d
SHA256

36a101b5a13436dd67e2b33c2abbae7cdd86a7ed951185a1914c12685339ad74
SHA512

315495dcba5d3624ce716ea534a1f74d7256f176b06a7dac006b64d8019ce4dc9ae67857466d1a838ab8bd02ad70fb14b4e425ab29e5e00c6ab8b19a0d94e56a

Score

10^/10

systembc trojan

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc
Executes dropped EXE 1 IoCs

Processes:

ldpke.exe

pid process

1368 ldpke.exe

pid	process
1368	ldpke.exe

Drops file in Windows directory 2 IoCs

Processes:

c96012bf82cc15058dd53887b068bbd8.exe

description	ioc	process
File created	C:\Windows\Tasks\ldpke.job	c96012bf82cc15058dd53887b068bbd8.exe
File opened for modification	C:\Windows\Tasks\ldpke.job	c96012bf82cc15058dd53887b068bbd8.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

c96012bf82cc15058dd53887b068bbd8.exe

pid process

1208 c96012bf82cc15058dd53887b068bbd8.exe

pid	process
1208	c96012bf82cc15058dd53887b068bbd8.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

taskeng.exe

description	pid	process	target process
PID 1700 wrote to memory of 1368	1700	taskeng.exe	ldpke.exe
PID 1700 wrote to memory of 1368	1700	taskeng.exe	ldpke.exe
PID 1700 wrote to memory of 1368	1700	taskeng.exe	ldpke.exe
PID 1700 wrote to memory of 1368	1700	taskeng.exe	ldpke.exe

C:\Windows\system32\taskeng.exe
taskeng.exe {B2A4C25F-7622-4523-A807-5386A0BC1BD3} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:1700

C:\ProgramData\ubxwedc\ldpke.exe
C:\ProgramData\ubxwedc\ldpke.exe start
2⤵
- Executes dropped EXE
PID:1368

C:\ProgramData\ubxwedc\ldpke.exe
MD5
c96012bf82cc15058dd53887b068bbd8

SHA1
3502862e8ef4edd8ff5a427849d8c9f38e45160d

SHA256
36a101b5a13436dd67e2b33c2abbae7cdd86a7ed951185a1914c12685339ad74

SHA512
315495dcba5d3624ce716ea534a1f74d7256f176b06a7dac006b64d8019ce4dc9ae67857466d1a838ab8bd02ad70fb14b4e425ab29e5e00c6ab8b19a0d94e56a

Download Submit
C:\ProgramData\ubxwedc\ldpke.exe
MD5
c96012bf82cc15058dd53887b068bbd8

SHA1
3502862e8ef4edd8ff5a427849d8c9f38e45160d

SHA256
36a101b5a13436dd67e2b33c2abbae7cdd86a7ed951185a1914c12685339ad74

SHA512
315495dcba5d3624ce716ea534a1f74d7256f176b06a7dac006b64d8019ce4dc9ae67857466d1a838ab8bd02ad70fb14b4e425ab29e5e00c6ab8b19a0d94e56a

Download Submit
memory/1208-2-0x0000000000790000-0x00000000007A1000-memory.dmp

Filesize
68KB

Download
memory/1368-4-0x0000000000000000-mapping.dmp

Download