Overview

overview

10

Static

static

9fbeabd476...cd.exe

windows7_x64

10

9fbeabd476...cd.exe

windows10_x64

10

Analysis

  • max time kernel
    62s
  • max time network
    165s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    04-07-2021 11:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9fbeabd476a205fecdcbe66f7c0e54cd.exe

  • Size

    627KB

  • MD5

    9fbeabd476a205fecdcbe66f7c0e54cd

  • SHA1

    63bffa21cecd8d2604fbc9561c7a047a5a2df657

  • SHA256

    bddbc443969ee9ba73dcdca9bec564e4cbeadf3c606681d9ce134b1f356f31f5

  • SHA512

    73e80daaf8ea5c3ef6d7193e92e03ca0fb2b98be3da84d44aa362a4e4cc06a365ff7bb1cd90226c666a36d4f1f92511a82c516238e9f8d42c50e83b950b2fbb5

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

185.215.113.32:4000

78.47.64.46:4000

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9fbeabd476a205fecdcbe66f7c0e54cd.exe
    "C:\Users\Admin\AppData\Local\Temp\9fbeabd476a205fecdcbe66f7c0e54cd.exe"
    1⤵
    • Drops file in Windows directory
    PID:2024
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {4A6A8616-EAA6-4C61-94A2-D26A1691510F} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:300
    • C:\Users\Admin\AppData\Local\Temp\9fbeabd476a205fecdcbe66f7c0e54cd.exe
      C:\Users\Admin\AppData\Local\Temp\9fbeabd476a205fecdcbe66f7c0e54cd.exe start
      2⤵
        PID:556

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/556-64-0x0000000000000000-mapping.dmp
      Download
    • memory/556-65-0x0000000000230000-0x0000000000231000-memory.dmp
      Filesize

      4KB

      Download
    • memory/556-68-0x0000000000400000-0x00000000004A2000-memory.dmp
      Filesize

      648KB

      Download
    • memory/2024-60-0x00000000765F1000-0x00000000765F3000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2024-61-0x0000000000240000-0x0000000000241000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2024-62-0x0000000000270000-0x0000000000275000-memory.dmp
      Filesize

      20KB

      Download
    • memory/2024-63-0x0000000000400000-0x00000000004A2000-memory.dmp
      Filesize

      648KB

      Download