Overview

overview

10

Static

static

SecuriteIn...31.exe

windows7_x64

10

SecuriteIn...31.exe

windows10_x64

10

Analysis

  • max time kernel
    144s
  • max time network
    177s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    27-05-2021 09:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Trojan.Siggen13.37560.31798.27931.exe

  • Size

    655KB

  • MD5

    12ffd8852c3713d37faeb6af83ca14bf

  • SHA1

    1a4fa395329fda8380fdb0fe64f6f4d874252391

  • SHA256

    eec36810573040757eea624543f2bd7c24db70a4b9cc4acba85acd0a24ad9874

  • SHA512

    5951151df9e6c95e922c00bf8205d7612ed1fdeedb459d7b83821ab087e9d2da1750dcf91c1b56f5a9419c0fb3cf0c77d63ae7d31cce2f38da6a7f4fa91b25b6

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

88.198.147.80:4174

78.47.64.46:4174

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen13.37560.31798.27931.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen13.37560.31798.27931.exe"
    1⤵
    • Drops file in Windows directory
    PID:752
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {F4951577-0E70-4130-B3BD-163A169D6BAD} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1340
    • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen13.37560.31798.27931.exe
      C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen13.37560.31798.27931.exe start
      2⤵
        PID:660

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/660-63-0x0000000000000000-mapping.dmp
      Download
    • memory/660-65-0x00000000002E0000-0x00000000002E1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/660-67-0x0000000000400000-0x00000000004AA000-memory.dmp
      Filesize

      680KB

      Download
    • memory/752-59-0x0000000000220000-0x0000000000221000-memory.dmp
      Filesize

      4KB

      Download
    • memory/752-60-0x0000000075451000-0x0000000075453000-memory.dmp
      Filesize

      8KB

      Download
    • memory/752-61-0x0000000000250000-0x0000000000255000-memory.dmp
      Filesize

      20KB

      Download
    • memory/752-62-0x0000000000400000-0x00000000004AA000-memory.dmp
      Filesize

      680KB

      Download