Analysis
-
max time kernel
61s -
max time network
139s -
platform
windows7_x64 -
resource
win7v20210410 -
submitted
04-07-2021 08:12
General
-
Target
cad73181081242b8a48532b8c69fe646.exe
-
Size
755KB
-
MD5
cad73181081242b8a48532b8c69fe646
-
SHA1
5ff865d40e6f73fa5b6a3d8799e621cd9ce2d66d
-
SHA256
742a97dbebd3f760b215186d04655dfcaf3846b40d3390a2db9bd7ee5f3d3266
-
SHA512
6098cb0ca40dd1e774ccb06b82fa8ccd2bd2f3280576a3fb55762bef1f73efcf0a9014547f571345b3e4ba009e4e75110bd782bb911de7b5daa8760b354303ed
Score
10/10
Malware Config
Extracted
Family
systembc
C2
185.215.113.32:4000
78.47.64.46:4000
Signatures
-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
Drops file in Windows directory 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cad73181081242b8a48532b8c69fe646.exe"C:\Users\Admin\AppData\Local\Temp\cad73181081242b8a48532b8c69fe646.exe"1⤵
- Drops file in Windows directory
-
C:\Windows\system32\taskeng.exetaskeng.exe {46057255-D12D-4407-8CE1-7DFCB6AA937A} S-1-5-18:NT AUTHORITY\System:Service:1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\cad73181081242b8a48532b8c69fe646.exeC:\Users\Admin\AppData\Local\Temp\cad73181081242b8a48532b8c69fe646.exe start2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/452-60-0x00000000753E1000-0x00000000753E3000-memory.dmpFilesize
8KB
-
memory/452-62-0x0000000000250000-0x0000000000255000-memory.dmpFilesize
20KB
-
memory/452-61-0x0000000000220000-0x0000000000221000-memory.dmpFilesize
4KB
-
memory/452-63-0x0000000000400000-0x00000000004C3000-memory.dmpFilesize
780KB
-
memory/1452-64-0x0000000000000000-mapping.dmp
-
memory/1452-66-0x0000000000220000-0x0000000000221000-memory.dmpFilesize
4KB
-
memory/1452-68-0x0000000000400000-0x00000000004C3000-memory.dmpFilesize
780KB