systembc | 4c9b94a436c517923a69b14f4cdf6324bc84ca5b121b04770665d82ed0989f7d

Analysis

Target

6d1ddcf3849b1691b30ec631dd285ae1.exe
Size

388KB
MD5

6d1ddcf3849b1691b30ec631dd285ae1
SHA1

0c3bb96c7987ea9d0c15793dc8b8518e914d6914
SHA256

4c9b94a436c517923a69b14f4cdf6324bc84ca5b121b04770665d82ed0989f7d
SHA512

89ce148623ba6d68cd000fcfed1bf89626b37ad2c3e1f121c63081a27409230ac54264a96cbce6616665bc4950d0402ba10c6fc09707001e9d1ff3654d9bbf7a

Score

10^/10

systembc trojan

Family

systembc

185.215.113.32:4000

78.47.64.46:4000

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Drops file in Windows directory 2 IoCs

Processes:

6d1ddcf3849b1691b30ec631dd285ae1.exe

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	6d1ddcf3849b1691b30ec631dd285ae1.exe
File opened for modification	C:\Windows\Tasks\wow64.job	6d1ddcf3849b1691b30ec631dd285ae1.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

taskeng.exe

description	pid	process	target process
PID 1708 wrote to memory of 300	1708	taskeng.exe	6d1ddcf3849b1691b30ec631dd285ae1.exe
PID 1708 wrote to memory of 300	1708	taskeng.exe	6d1ddcf3849b1691b30ec631dd285ae1.exe
PID 1708 wrote to memory of 300	1708	taskeng.exe	6d1ddcf3849b1691b30ec631dd285ae1.exe
PID 1708 wrote to memory of 300	1708	taskeng.exe	6d1ddcf3849b1691b30ec631dd285ae1.exe

C:\Users\Admin\AppData\Local\Temp\6d1ddcf3849b1691b30ec631dd285ae1.exe
"C:\Users\Admin\AppData\Local\Temp\6d1ddcf3849b1691b30ec631dd285ae1.exe"
1⤵
- Drops file in Windows directory
PID:2028

C:\Windows\system32\taskeng.exe
taskeng.exe {85A935CA-3F47-40B9-AFE0-83EBE8DC0144} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:1708

C:\Users\Admin\AppData\Local\Temp\6d1ddcf3849b1691b30ec631dd285ae1.exe
C:\Users\Admin\AppData\Local\Temp\6d1ddcf3849b1691b30ec631dd285ae1.exe start
2⤵
PID:300

memory/300-64-0x0000000000000000-mapping.dmp

Download
memory/300-66-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/300-68-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/2028-60-0x00000000765F1000-0x00000000765F3000-memory.dmp

Filesize
8KB

Download
memory/2028-62-0x00000000001E0000-0x00000000001E5000-memory.dmp

Filesize
20KB

Download
memory/2028-61-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2028-63-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download