systembc | 22a6e850b9deb9d6682f795349d23c1f660ba5253028a99a62a43a64f2950fc3

Analysis

Target

f4c863f065eaa1fdc7124de0d94b4ca2.exe
Size

140KB
MD5

f4c863f065eaa1fdc7124de0d94b4ca2
SHA1

b7c701a86dae269ecfa405376080dd2eb4e761b1
SHA256

22a6e850b9deb9d6682f795349d23c1f660ba5253028a99a62a43a64f2950fc3
SHA512

65847c5bb894ae984592699b0296f99ee071bbe28e368ac00cef5501655b8db0d0a54661e40e63444fde57de9e778a5852bdb24c6f3ede81cb576fbf62695c72

Score

10^/10

systembc trojan

Family

systembc

69.49.231.218:4001

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Drops file in Windows directory 2 IoCs

Processes:

f4c863f065eaa1fdc7124de0d94b4ca2.exe

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	f4c863f065eaa1fdc7124de0d94b4ca2.exe
File opened for modification	C:\Windows\Tasks\wow64.job	f4c863f065eaa1fdc7124de0d94b4ca2.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

taskeng.exe

description	pid	process	target process
PID 1632 wrote to memory of 1676	1632	taskeng.exe	f4c863f065eaa1fdc7124de0d94b4ca2.exe
PID 1632 wrote to memory of 1676	1632	taskeng.exe	f4c863f065eaa1fdc7124de0d94b4ca2.exe
PID 1632 wrote to memory of 1676	1632	taskeng.exe	f4c863f065eaa1fdc7124de0d94b4ca2.exe
PID 1632 wrote to memory of 1676	1632	taskeng.exe	f4c863f065eaa1fdc7124de0d94b4ca2.exe

C:\Users\Admin\AppData\Local\Temp\f4c863f065eaa1fdc7124de0d94b4ca2.exe
"C:\Users\Admin\AppData\Local\Temp\f4c863f065eaa1fdc7124de0d94b4ca2.exe"
1⤵
- Drops file in Windows directory
PID:2032

C:\Windows\system32\taskeng.exe
taskeng.exe {2EDB6CCC-0CDA-4DCC-9DDE-8ECBE5094253} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Users\Admin\AppData\Local\Temp\f4c863f065eaa1fdc7124de0d94b4ca2.exe
  C:\Users\Admin\AppData\Local\Temp\f4c863f065eaa1fdc7124de0d94b4ca2.exe start
  2⤵
  PID:1676

memory/1676-59-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2032-54-0x0000000000220000-0x0000000000226000-memory.dmp

Filesize
24KB

Download
memory/2032-55-0x0000000000230000-0x0000000000235000-memory.dmp

Filesize
20KB

Download
memory/2032-56-0x0000000075AE1000-0x0000000075AE3000-memory.dmp

Filesize
8KB

Download
memory/2032-57-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download