systembc | 12acd7745d22a1b295e3fd96e3994a2a36d456df3cab6f3493942c79e942a43b

Analysis

Target

7f17f223e4da250bfe4bfff2fc91bc13.exe
Size

718KB
MD5

7f17f223e4da250bfe4bfff2fc91bc13
SHA1

1172ef0932115441dec43378f15d74f42fdb1d42
SHA256

12acd7745d22a1b295e3fd96e3994a2a36d456df3cab6f3493942c79e942a43b
SHA512

8db28083b68fb8283d3a22ee2c59c5d9b1471bd2c0448a0f63ab2373b05a87e991b7601d2e4d4e7e26865403823f6c7d4c7c367ee52b28d5da2b9b93318193c0

Score

10^/10

systembc trojan

Family

systembc

185.215.113.32:4000

78.47.64.46:4000

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Drops file in Windows directory 2 IoCs

Processes:

7f17f223e4da250bfe4bfff2fc91bc13.exe

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	7f17f223e4da250bfe4bfff2fc91bc13.exe
File opened for modification	C:\Windows\Tasks\wow64.job	7f17f223e4da250bfe4bfff2fc91bc13.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

taskeng.exe

description	pid	process	target process
PID 1552 wrote to memory of 1368	1552	taskeng.exe	7f17f223e4da250bfe4bfff2fc91bc13.exe
PID 1552 wrote to memory of 1368	1552	taskeng.exe	7f17f223e4da250bfe4bfff2fc91bc13.exe
PID 1552 wrote to memory of 1368	1552	taskeng.exe	7f17f223e4da250bfe4bfff2fc91bc13.exe
PID 1552 wrote to memory of 1368	1552	taskeng.exe	7f17f223e4da250bfe4bfff2fc91bc13.exe

C:\Users\Admin\AppData\Local\Temp\7f17f223e4da250bfe4bfff2fc91bc13.exe
"C:\Users\Admin\AppData\Local\Temp\7f17f223e4da250bfe4bfff2fc91bc13.exe"
1⤵
- Drops file in Windows directory
PID:1180

C:\Windows\system32\taskeng.exe
taskeng.exe {6A37D9D6-A723-48B3-A3AB-6CC455FFB709} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:1552
- C:\Users\Admin\AppData\Local\Temp\7f17f223e4da250bfe4bfff2fc91bc13.exe
  C:\Users\Admin\AppData\Local\Temp\7f17f223e4da250bfe4bfff2fc91bc13.exe start
  2⤵
  PID:1368

memory/1180-59-0x0000000075EF1000-0x0000000075EF3000-memory.dmp

Filesize
8KB

Download
memory/1180-61-0x0000000000290000-0x0000000000295000-memory.dmp

Filesize
20KB

Download
memory/1180-62-0x0000000000400000-0x00000000004B9000-memory.dmp

Filesize
740KB

Download
memory/1180-60-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1368-63-0x0000000000000000-mapping.dmp

Download
memory/1368-65-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/1368-67-0x0000000000400000-0x00000000004B9000-memory.dmp

Filesize
740KB

Download