Overview

overview

10

Static

static

5350c1492b...4f.exe

windows7_x64

10

5350c1492b...4f.exe

windows10_x64

10

Analysis

  • max time kernel
    142s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    03-06-2021 09:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5350c1492b2359b71a31ba103cc19b4f.exe

  • Size

    886KB

  • MD5

    5350c1492b2359b71a31ba103cc19b4f

  • SHA1

    67b81cec1269523057aac6db028b33955bffc735

  • SHA256

    e90fa8b16a3e943baf7882ce978b4903c3012be94370e99eb0560bb8e970d682

  • SHA512

    6d0c70987524b698bf7e8cb78cfa247078810938535ff569dd9691ed6d5e8fbea703bf62180e07e624fda13c732db226d3f2231c48e3c698e5338cfb5f253f80

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

88.198.147.80:4174

78.47.64.46:4174

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Downloads MZ/PE file
  • Executes dropped EXE 2 IoCs
  • Deletes itself 1 IoCs
  • Drops file in Windows directory 5 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5350c1492b2359b71a31ba103cc19b4f.exe
    "C:\Users\Admin\AppData\Local\Temp\5350c1492b2359b71a31ba103cc19b4f.exe"
    1⤵
    • Drops file in Windows directory
    PID:1748
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {36EB8879-5F14-42FB-BB2B-2D3A06E03A4F} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1224
    • C:\Users\Admin\AppData\Local\Temp\5350c1492b2359b71a31ba103cc19b4f.exe
      C:\Users\Admin\AppData\Local\Temp\5350c1492b2359b71a31ba103cc19b4f.exe start
      2⤵
      • Drops file in Windows directory
      PID:1300
    • C:\Windows\TEMP\vcdbbg.exe
      C:\Windows\TEMP\vcdbbg.exe
      2⤵
      • Executes dropped EXE
      • Deletes itself
      • Drops file in Windows directory
      PID:632
    • C:\Windows\TEMP\vcdbbg.exe
      C:\Windows\TEMP\vcdbbg.exe start
      2⤵
      • Executes dropped EXE
      PID:1160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/632-75-0x0000000000400000-0x00000000004E2000-memory.dmp

    Filesize

    904KB

    Download

  • memory/632-73-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1160-79-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1160-81-0x0000000000400000-0x00000000004E2000-memory.dmp

    Filesize

    904KB

    Download

  • memory/1300-64-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1300-67-0x0000000000400000-0x00000000004E2000-memory.dmp

    Filesize

    904KB

    Download

  • memory/1748-62-0x0000000000400000-0x00000000004E2000-memory.dmp

    Filesize

    904KB

    Download

  • memory/1748-60-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1748-59-0x00000000757E1000-0x00000000757E3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1748-61-0x0000000000380000-0x0000000000385000-memory.dmp

    Filesize

    20KB

    Download