Analysis
-
max time kernel
154s -
max time network
145s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
07-02-2022 08:29
General
-
Target
f4c863f065eaa1fdc7124de0d94b4ca2.exe
-
Size
140KB
-
MD5
f4c863f065eaa1fdc7124de0d94b4ca2
-
SHA1
b7c701a86dae269ecfa405376080dd2eb4e761b1
-
SHA256
22a6e850b9deb9d6682f795349d23c1f660ba5253028a99a62a43a64f2950fc3
-
SHA512
65847c5bb894ae984592699b0296f99ee071bbe28e368ac00cef5501655b8db0d0a54661e40e63444fde57de9e778a5852bdb24c6f3ede81cb576fbf62695c72
Score
10/10
Malware Config
Extracted
Family
systembc
C2
69.49.231.218:4001
Signatures
-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
Drops file in Windows directory 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f4c863f065eaa1fdc7124de0d94b4ca2.exe"C:\Users\Admin\AppData\Local\Temp\f4c863f065eaa1fdc7124de0d94b4ca2.exe"1⤵
- Drops file in Windows directory
-
C:\Windows\system32\taskeng.exetaskeng.exe {2EDB6CCC-0CDA-4DCC-9DDE-8ECBE5094253} S-1-5-18:NT AUTHORITY\System:Service:1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\f4c863f065eaa1fdc7124de0d94b4ca2.exeC:\Users\Admin\AppData\Local\Temp\f4c863f065eaa1fdc7124de0d94b4ca2.exe start2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1676-59-0x0000000000400000-0x000000000042D000-memory.dmpFilesize
180KB
-
memory/2032-54-0x0000000000220000-0x0000000000226000-memory.dmpFilesize
24KB
-
memory/2032-55-0x0000000000230000-0x0000000000235000-memory.dmpFilesize
20KB
-
memory/2032-56-0x0000000075AE1000-0x0000000075AE3000-memory.dmpFilesize
8KB
-
memory/2032-57-0x0000000000400000-0x000000000042D000-memory.dmpFilesize
180KB