Analysis
-
max time kernel
121s -
max time network
124s -
platform
windows10_x64 -
resource
win10-en-20211014 -
submitted
23-11-2021 08:11
General
-
Target
23e0db71f3d2182bb78ed5aaed6dbe31.exe
-
Size
149KB
-
MD5
23e0db71f3d2182bb78ed5aaed6dbe31
-
SHA1
bdd3f63038f0c5cb80812289694da6e1d81b74ed
-
SHA256
1f65b5b41f6821ecb05aa14f391939ad2d527c7b1b48c377a5a4647051c5ae84
-
SHA512
03964f4dae03248bf3458d15334046632fc7ccc843f23f2b628a0e52aa162a347dfc5d7dd8307e98fa4e1cd17e9aa597513286859a6fbc2f9a124f9b54723ff3
Malware Config
Extracted
systembc
45.156.26.59:4179
217.182.46.152:4179
Signatures
-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
Downloads MZ/PE file
-
Executes dropped EXE 2 IoCs
-
Drops file in Windows directory 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\23e0db71f3d2182bb78ed5aaed6dbe31.exe"C:\Users\Admin\AppData\Local\Temp\23e0db71f3d2182bb78ed5aaed6dbe31.exe"1⤵
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\23e0db71f3d2182bb78ed5aaed6dbe31.exeC:\Users\Admin\AppData\Local\Temp\23e0db71f3d2182bb78ed5aaed6dbe31.exe start1⤵
- Drops file in Windows directory
-
C:\Windows\TEMP\tcaenb.exeC:\Windows\TEMP\tcaenb.exe1⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\TEMP\tcaenb.exeC:\Windows\TEMP\tcaenb.exe start1⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Windows\TEMP\tcaenb.exeMD5
23e0db71f3d2182bb78ed5aaed6dbe31
SHA1bdd3f63038f0c5cb80812289694da6e1d81b74ed
SHA2561f65b5b41f6821ecb05aa14f391939ad2d527c7b1b48c377a5a4647051c5ae84
SHA51203964f4dae03248bf3458d15334046632fc7ccc843f23f2b628a0e52aa162a347dfc5d7dd8307e98fa4e1cd17e9aa597513286859a6fbc2f9a124f9b54723ff3
-
C:\Windows\Tasks\wow64.jobMD5
1d41dfe5c1424ed6576964db3a78c15f
SHA12c2a1f1682ecc778369be38e3b8bc2e7a43929d7
SHA25634383e03ff2f913d1318268fe4912251c83deee1f71e469ef3b63e893153e69c
SHA5122974861246675688537d50fe6b0d6fd1ca0f524124a35595068a7724efda2c7ba10b39cb536f1b523e9a1aac15787193e1f9a1a7b40fc6d38bb888ef8c3832fb
-
C:\Windows\Temp\tcaenb.exeMD5
23e0db71f3d2182bb78ed5aaed6dbe31
SHA1bdd3f63038f0c5cb80812289694da6e1d81b74ed
SHA2561f65b5b41f6821ecb05aa14f391939ad2d527c7b1b48c377a5a4647051c5ae84
SHA51203964f4dae03248bf3458d15334046632fc7ccc843f23f2b628a0e52aa162a347dfc5d7dd8307e98fa4e1cd17e9aa597513286859a6fbc2f9a124f9b54723ff3
-
C:\Windows\Temp\tcaenb.exeMD5
23e0db71f3d2182bb78ed5aaed6dbe31
SHA1bdd3f63038f0c5cb80812289694da6e1d81b74ed
SHA2561f65b5b41f6821ecb05aa14f391939ad2d527c7b1b48c377a5a4647051c5ae84
SHA51203964f4dae03248bf3458d15334046632fc7ccc843f23f2b628a0e52aa162a347dfc5d7dd8307e98fa4e1cd17e9aa597513286859a6fbc2f9a124f9b54723ff3
-
memory/380-125-0x0000000000430000-0x00000000004DE000-memory.dmpFilesize
696KB
-
memory/380-124-0x0000000000430000-0x00000000004DE000-memory.dmpFilesize
696KB
-
memory/380-126-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/400-123-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/2732-116-0x00000000001F0000-0x00000000001F5000-memory.dmpFilesize
20KB
-
memory/2732-115-0x00000000001E0000-0x00000000001E6000-memory.dmpFilesize
24KB
-
memory/2732-117-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB
-
memory/3696-118-0x0000000000400000-0x000000000042E000-memory.dmpFilesize
184KB