systembc | 1b1d3d6ce262d1fcef892931d10e7dd77963c0d4a8134b73dc49eced853c29e5

Analysis

Target

ec77832d45fd52331dc4a1c243b1a707.exe
Size

174KB
MD5

ec77832d45fd52331dc4a1c243b1a707
SHA1

f3dc139d71b653280b7842e56f2d0845a4316616
SHA256

1b1d3d6ce262d1fcef892931d10e7dd77963c0d4a8134b73dc49eced853c29e5
SHA512

cc00c7225a892eed4a195cbfea7c648f0287c53cf82d4acdacb8f260e46ff8a3ede75c4d0bf2470fc089bf5be6db7a36b58cd0f56651e969ac13c78e0378e2ca

Score

10^/10

systembc trojan

Family

systembc

185.173.39.49:4001

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Drops file in Windows directory 2 IoCs

Processes:

ec77832d45fd52331dc4a1c243b1a707.exe

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	ec77832d45fd52331dc4a1c243b1a707.exe
File opened for modification	C:\Windows\Tasks\wow64.job	ec77832d45fd52331dc4a1c243b1a707.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

taskeng.exe

description	pid	process	target process
PID 568 wrote to memory of 1660	568	taskeng.exe	ec77832d45fd52331dc4a1c243b1a707.exe
PID 568 wrote to memory of 1660	568	taskeng.exe	ec77832d45fd52331dc4a1c243b1a707.exe
PID 568 wrote to memory of 1660	568	taskeng.exe	ec77832d45fd52331dc4a1c243b1a707.exe
PID 568 wrote to memory of 1660	568	taskeng.exe	ec77832d45fd52331dc4a1c243b1a707.exe

C:\Users\Admin\AppData\Local\Temp\ec77832d45fd52331dc4a1c243b1a707.exe
"C:\Users\Admin\AppData\Local\Temp\ec77832d45fd52331dc4a1c243b1a707.exe"
1⤵
- Drops file in Windows directory
PID:1864

C:\Windows\system32\taskeng.exe
taskeng.exe {A5162C92-1FFC-482E-A2C2-63E55B4B1BD1} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:568
- C:\Users\Admin\AppData\Local\Temp\ec77832d45fd52331dc4a1c243b1a707.exe
  C:\Users\Admin\AppData\Local\Temp\ec77832d45fd52331dc4a1c243b1a707.exe start
  2⤵
  PID:1660

memory/1660-59-0x0000000000000000-mapping.dmp

Download
memory/1660-61-0x0000000000400000-0x0000000002EF1000-memory.dmp

Filesize
42.9MB

Download
memory/1864-55-0x0000000075B71000-0x0000000075B73000-memory.dmp

Filesize
8KB

Download
memory/1864-58-0x0000000000400000-0x0000000002EF1000-memory.dmp

Filesize
42.9MB

Download
memory/1864-57-0x0000000000030000-0x0000000000035000-memory.dmp

Filesize
20KB

Download
memory/1864-56-0x0000000000020000-0x0000000000026000-memory.dmp

Filesize
24KB

Download