systembc | 073bc58ee928f589d0ed4fc556df8d11477c29590c5239bbb02392fcfe88458c

Analysis

Target

bf03442f038443b9e4eff1081bb51c38.exe
Size

331KB
MD5

bf03442f038443b9e4eff1081bb51c38
SHA1

c0c66486acc3c13ab842cb13a2a40ce316b7fc00
SHA256

073bc58ee928f589d0ed4fc556df8d11477c29590c5239bbb02392fcfe88458c
SHA512

3eb5a6272b091e7a6a132dd09ed9d5739d67a6fc31a5289e63f4f0393288e4c44048a616c3514bddb8b0675b14c858224444d2926d38eeb1ad7a9c5d4307d733

Score

10^/10

systembc trojan

Family

systembc

185.173.39.49:4001

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Drops file in Windows directory 2 IoCs

Processes:

bf03442f038443b9e4eff1081bb51c38.exe

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	bf03442f038443b9e4eff1081bb51c38.exe
File opened for modification	C:\Windows\Tasks\wow64.job	bf03442f038443b9e4eff1081bb51c38.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

taskeng.exe

description	pid	process	target process
PID 1492 wrote to memory of 1872	1492	taskeng.exe	bf03442f038443b9e4eff1081bb51c38.exe
PID 1492 wrote to memory of 1872	1492	taskeng.exe	bf03442f038443b9e4eff1081bb51c38.exe
PID 1492 wrote to memory of 1872	1492	taskeng.exe	bf03442f038443b9e4eff1081bb51c38.exe
PID 1492 wrote to memory of 1872	1492	taskeng.exe	bf03442f038443b9e4eff1081bb51c38.exe

C:\Users\Admin\AppData\Local\Temp\bf03442f038443b9e4eff1081bb51c38.exe
"C:\Users\Admin\AppData\Local\Temp\bf03442f038443b9e4eff1081bb51c38.exe"
1⤵
- Drops file in Windows directory
PID:1640

C:\Windows\system32\taskeng.exe
taskeng.exe {D9822BA7-B3D0-4213-91E7-4BC55A4329A2} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:1492
- C:\Users\Admin\AppData\Local\Temp\bf03442f038443b9e4eff1081bb51c38.exe
  C:\Users\Admin\AppData\Local\Temp\bf03442f038443b9e4eff1081bb51c38.exe start
  2⤵
  PID:1872

memory/1640-55-0x0000000002EFB000-0x0000000002F0C000-memory.dmp

Filesize
68KB

Download
memory/1640-56-0x0000000000220000-0x0000000000225000-memory.dmp

Filesize
20KB

Download
memory/1640-57-0x0000000075821000-0x0000000075823000-memory.dmp

Filesize
8KB

Download
memory/1640-58-0x0000000000400000-0x0000000002DAA000-memory.dmp

Filesize
41.7MB

Download
memory/1872-59-0x0000000000000000-mapping.dmp

Download
memory/1872-60-0x0000000002F5B000-0x0000000002F6C000-memory.dmp

Filesize
68KB

Download
memory/1872-62-0x0000000000400000-0x0000000002DAA000-memory.dmp

Filesize
41.7MB

Download