Overview

overview

10

Static

static

10

9831973383...dd.exe

windows7_x64

10

9831973383...dd.exe

windows10_x64

4

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    28-01-2022 08:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    98319733830d33ba8fe64960725fd9dd.exe

  • Size

    14KB

  • MD5

    98319733830d33ba8fe64960725fd9dd

  • SHA1

    2b1b7cb9c254f72ff2bb08bc568f67d48f207953

  • SHA256

    2a1ba880f0cacda99db3eed861bc738a3f8ec6cac2518da431c446851fb4f923

  • SHA512

    34ea5ae957e8b4e67238ccf9446f5407ab6cdc22d5947c5cd1816a4b1cced01add5f992b3527642a4486c2d0f5f817ba7bb3554b4369af99f514e443c91b2e7f

Score
10/10
systembctrojan

Malware Config

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\98319733830d33ba8fe64960725fd9dd.exe
    "C:\Users\Admin\AppData\Local\Temp\98319733830d33ba8fe64960725fd9dd.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:964
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {301FF60D-E037-443F-B48D-6234A9A37ECF} S-1-5-21-2329389628-4064185017-3901522362-1000:QSKGHMYQ\Admin:Interactive:[1]
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1252
    • C:\ProgramData\mpeh\daujtqw.exe
      C:\ProgramData\mpeh\daujtqw.exe start2
      2⤵
      • Executes dropped EXE
      PID:1596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\mpeh\daujtqw.exe
    MD5

    98319733830d33ba8fe64960725fd9dd

    SHA1

    2b1b7cb9c254f72ff2bb08bc568f67d48f207953

    SHA256

    2a1ba880f0cacda99db3eed861bc738a3f8ec6cac2518da431c446851fb4f923

    SHA512

    34ea5ae957e8b4e67238ccf9446f5407ab6cdc22d5947c5cd1816a4b1cced01add5f992b3527642a4486c2d0f5f817ba7bb3554b4369af99f514e443c91b2e7f

    Download Submit
  • C:\ProgramData\mpeh\daujtqw.exe
    MD5

    98319733830d33ba8fe64960725fd9dd

    SHA1

    2b1b7cb9c254f72ff2bb08bc568f67d48f207953

    SHA256

    2a1ba880f0cacda99db3eed861bc738a3f8ec6cac2518da431c446851fb4f923

    SHA512

    34ea5ae957e8b4e67238ccf9446f5407ab6cdc22d5947c5cd1816a4b1cced01add5f992b3527642a4486c2d0f5f817ba7bb3554b4369af99f514e443c91b2e7f

    Download Submit
  • memory/964-55-0x0000000075F91000-0x0000000075F93000-memory.dmp
    Filesize

    8KB

    Download