Analysis
-
max time kernel
146s -
max time network
152s -
platform
windows7_x64 -
resource
win7-en-20211014 -
submitted
18-11-2021 19:27
General
-
Target
1d2d5950861d191f0cf126bf80e1857e.exe
-
Size
156KB
-
MD5
1d2d5950861d191f0cf126bf80e1857e
-
SHA1
d7161ac371c18a87023ce37036bcd25d09d7baa4
-
SHA256
74bc8cc794e98d78ac8e4d6eac70cec70e4c8b1359e53e48f653cac84bafdae0
-
SHA512
d189722b83816fcf20bea216e9da1832d44fffe52d5d7c06564f1505d8ccfc15f1cbe106260a14f4a8858eeba047d519a3e46d6e87cef3ffe630c2d1cb42cc63
Score
10/10
Malware Config
Extracted
Family
systembc
C2
91.212.150.113:4199
192.53.123.202:4199
Signatures
-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
Drops file in Windows directory 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1d2d5950861d191f0cf126bf80e1857e.exe"C:\Users\Admin\AppData\Local\Temp\1d2d5950861d191f0cf126bf80e1857e.exe"1⤵
- Drops file in Windows directory
-
C:\Windows\system32\taskeng.exetaskeng.exe {E8B6F811-C332-4B60-8638-8BDFF29C297F} S-1-5-18:NT AUTHORITY\System:Service:1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1d2d5950861d191f0cf126bf80e1857e.exeC:\Users\Admin\AppData\Local\Temp\1d2d5950861d191f0cf126bf80e1857e.exe start2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/908-55-0x0000000075B71000-0x0000000075B73000-memory.dmpFilesize
8KB
-
memory/908-57-0x0000000000230000-0x0000000000235000-memory.dmpFilesize
20KB
-
memory/908-56-0x0000000000220000-0x0000000000226000-memory.dmpFilesize
24KB
-
memory/908-58-0x0000000000400000-0x0000000000430000-memory.dmpFilesize
192KB
-
memory/1908-59-0x0000000000000000-mapping.dmp
-
memory/1908-61-0x0000000000400000-0x0000000000430000-memory.dmpFilesize
192KB