systembc | 49763b5871eae34139060e486a62817242212a549593a1875a5221655b510334

Analysis

Target

e517ff2f13d6f05c8259cc1174e0f804.exe
Size

296KB
MD5

e517ff2f13d6f05c8259cc1174e0f804
SHA1

5fd52b250fcafd5fe263be86d237f39582e96a26
SHA256

49763b5871eae34139060e486a62817242212a549593a1875a5221655b510334
SHA512

badab95d51a2f1b6a1df80b7499643a60d5e81be3ec47890ba072fdaf9e6756818252cf3d333eb52c6f1ced9e2f15331d81b7dd475bb06972e2ee71c665c09b9

Score

10^/10

systembc trojan

Family

systembc

62.113.114.61:4001

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Drops file in Windows directory 2 IoCs

Processes:

e517ff2f13d6f05c8259cc1174e0f804.exe

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	e517ff2f13d6f05c8259cc1174e0f804.exe
File opened for modification	C:\Windows\Tasks\wow64.job	e517ff2f13d6f05c8259cc1174e0f804.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

taskeng.exe

description	pid	process	target process
PID 1660 wrote to memory of 1840	1660	taskeng.exe	e517ff2f13d6f05c8259cc1174e0f804.exe
PID 1660 wrote to memory of 1840	1660	taskeng.exe	e517ff2f13d6f05c8259cc1174e0f804.exe
PID 1660 wrote to memory of 1840	1660	taskeng.exe	e517ff2f13d6f05c8259cc1174e0f804.exe
PID 1660 wrote to memory of 1840	1660	taskeng.exe	e517ff2f13d6f05c8259cc1174e0f804.exe

C:\Users\Admin\AppData\Local\Temp\e517ff2f13d6f05c8259cc1174e0f804.exe
"C:\Users\Admin\AppData\Local\Temp\e517ff2f13d6f05c8259cc1174e0f804.exe"
1⤵
- Drops file in Windows directory
PID:804

C:\Windows\system32\taskeng.exe
taskeng.exe {93521149-86B7-4C5A-9DE7-E373EE208FAA} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:1660

C:\Users\Admin\AppData\Local\Temp\e517ff2f13d6f05c8259cc1174e0f804.exe
C:\Users\Admin\AppData\Local\Temp\e517ff2f13d6f05c8259cc1174e0f804.exe start
2⤵
PID:1840

memory/804-55-0x00000000018F0000-0x000000000191F000-memory.dmp

Filesize
188KB

Download
memory/804-56-0x0000000074B21000-0x0000000074B23000-memory.dmp

Filesize
8KB

Download
memory/804-57-0x0000000000230000-0x0000000000235000-memory.dmp

Filesize
20KB

Download
memory/804-58-0x0000000000400000-0x0000000001782000-memory.dmp

Filesize
19.5MB

Download
memory/1840-59-0x00000000018A0000-0x00000000018CF000-memory.dmp

Filesize
188KB

Download
memory/1840-61-0x0000000000400000-0x0000000001782000-memory.dmp

Filesize
19.5MB

Download