systembc | 36373b5af4c8b64bff18ae7d2079da5b3cfb6371def687327d9487adb0de345d

Analysis

Target

1.exe
Size

886KB
MD5

5fc8b735442c0761d95300c3ab2cd3f1
SHA1

0c68b66cd251825596f6a9dbcd9cd664401012c8
SHA256

36373b5af4c8b64bff18ae7d2079da5b3cfb6371def687327d9487adb0de345d
SHA512

a49c999e918a1a68ef64bb4ea3d57c4be1a3e1a35ebb4fb603291dc78b45a408202bd40d95b0adb382ae82fffb30d5ce7ffec11db4b108199d62c77d3b6fe797

Score

10^/10

systembc trojan

Family

systembc

88.198.147.80:4174

78.47.64.46:4174

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc
Drops file in Windows directory 2 IoCs

Processes:

1.exe

description ioc process

File created C:\Windows\Tasks\wow64.job 1.exe
File opened for modification C:\Windows\Tasks\wow64.job 1.exe

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	1.exe
File opened for modification	C:\Windows\Tasks\wow64.job	1.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

taskeng.exe

description	pid	process	target process
PID 844 wrote to memory of 1556	844	taskeng.exe	1.exe
PID 844 wrote to memory of 1556	844	taskeng.exe	1.exe
PID 844 wrote to memory of 1556	844	taskeng.exe	1.exe
PID 844 wrote to memory of 1556	844	taskeng.exe	1.exe

C:\Users\Admin\AppData\Local\Temp\1.exe
"C:\Users\Admin\AppData\Local\Temp\1.exe"
1⤵
- Drops file in Windows directory
PID:856

C:\Windows\system32\taskeng.exe
taskeng.exe {EB424072-D079-425A-AB64-ADAD21820E43} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:844
- C:\Users\Admin\AppData\Local\Temp\1.exe
  C:\Users\Admin\AppData\Local\Temp\1.exe start
  2⤵
  PID:1556

memory/856-60-0x0000000075591000-0x0000000075593000-memory.dmp

Filesize
8KB

Download
memory/856-62-0x0000000000290000-0x0000000000295000-memory.dmp

Filesize
20KB

Download
memory/856-63-0x0000000000400000-0x00000000004E2000-memory.dmp

Filesize
904KB

Download
memory/856-61-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1556-64-0x0000000000000000-mapping.dmp

Download
memory/1556-66-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1556-68-0x0000000000400000-0x00000000004E2000-memory.dmp

Filesize
904KB

Download