Analysis
-
max time kernel
146s -
max time network
149s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
28-01-2022 20:51
General
-
Target
b6b48f39779a00c8b8a6fe8ed9db1609.exe
-
Size
284KB
-
MD5
b6b48f39779a00c8b8a6fe8ed9db1609
-
SHA1
3ce9a028d2596d2d827d2a0e3d407a1e6ae83f81
-
SHA256
53ca800262b15721bf8451e7999c935e65d4eb058126e3c1d4eb9942c9c60858
-
SHA512
66ac08eefe461db61df8c817a593ebe5f4413d8fb35bdc1ecb6384930de8b1d5977b20c7ff77c5f3c1816687c8df0df1bf0d869367d3edd8f18b8c97a7880259
Score
10/10
Malware Config
Extracted
Family
systembc
C2
5.39.221.47:4001
Signatures
-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
Drops file in Windows directory 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b6b48f39779a00c8b8a6fe8ed9db1609.exe"C:\Users\Admin\AppData\Local\Temp\b6b48f39779a00c8b8a6fe8ed9db1609.exe"1⤵
- Drops file in Windows directory
-
C:\Windows\system32\taskeng.exetaskeng.exe {98B3C5FC-DA2E-4AFB-9F91-14A80D9403D2} S-1-5-18:NT AUTHORITY\System:Service:1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\b6b48f39779a00c8b8a6fe8ed9db1609.exeC:\Users\Admin\AppData\Local\Temp\b6b48f39779a00c8b8a6fe8ed9db1609.exe start2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/744-54-0x0000000076041000-0x0000000076043000-memory.dmpFilesize
8KB
-
memory/744-56-0x0000000000030000-0x0000000000035000-memory.dmpFilesize
20KB
-
memory/744-55-0x0000000000020000-0x0000000000026000-memory.dmpFilesize
24KB
-
memory/744-57-0x0000000000400000-0x0000000000450000-memory.dmpFilesize
320KB
-
memory/1060-59-0x0000000000400000-0x0000000000450000-memory.dmpFilesize
320KB