systembc | 3d44aa7a97608eb72bb53fc9c679e21381867f6e5a2a370689dc516c2418a58e

Analysis

Target

3d44aa7a97608eb72bb53fc9c679e21381867f6e5a2a3.exe
Size

344KB
MD5

0c8e60e686bed8b0debc760b085f89a7
SHA1

60eae9962d92223a448f978004972f4be2f10588
SHA256

3d44aa7a97608eb72bb53fc9c679e21381867f6e5a2a370689dc516c2418a58e
SHA512

e0be1a48c2715c820306ca43443f010ab65589525e35755e42df8291dfad083cb2f6f8204f44c4248269221212eaf8f73fdf1c44f24be217d40e42a0b62648f3

Score

10^/10

systembc trojan

Family

systembc

107.155.124.13:4001

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Drops file in Windows directory 2 IoCs

Processes:

3d44aa7a97608eb72bb53fc9c679e21381867f6e5a2a3.exe

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	3d44aa7a97608eb72bb53fc9c679e21381867f6e5a2a3.exe
File opened for modification	C:\Windows\Tasks\wow64.job	3d44aa7a97608eb72bb53fc9c679e21381867f6e5a2a3.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

taskeng.exe

description	pid	process	target process
PID 1928 wrote to memory of 660	1928	taskeng.exe	3d44aa7a97608eb72bb53fc9c679e21381867f6e5a2a3.exe
PID 1928 wrote to memory of 660	1928	taskeng.exe	3d44aa7a97608eb72bb53fc9c679e21381867f6e5a2a3.exe
PID 1928 wrote to memory of 660	1928	taskeng.exe	3d44aa7a97608eb72bb53fc9c679e21381867f6e5a2a3.exe
PID 1928 wrote to memory of 660	1928	taskeng.exe	3d44aa7a97608eb72bb53fc9c679e21381867f6e5a2a3.exe

C:\Users\Admin\AppData\Local\Temp\3d44aa7a97608eb72bb53fc9c679e21381867f6e5a2a3.exe
"C:\Users\Admin\AppData\Local\Temp\3d44aa7a97608eb72bb53fc9c679e21381867f6e5a2a3.exe"
1⤵
- Drops file in Windows directory
PID:1844

C:\Windows\system32\taskeng.exe
taskeng.exe {5A1461A0-2219-4DA9-8AAA-694BF904D5CB} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:1928

C:\Users\Admin\AppData\Local\Temp\3d44aa7a97608eb72bb53fc9c679e21381867f6e5a2a3.exe
C:\Users\Admin\AppData\Local\Temp\3d44aa7a97608eb72bb53fc9c679e21381867f6e5a2a3.exe start
2⤵
PID:660

memory/660-58-0x000000000026B000-0x000000000027C000-memory.dmp

Filesize
68KB

Download
memory/660-60-0x000000000026B000-0x000000000027C000-memory.dmp

Filesize
68KB

Download
memory/660-61-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1844-53-0x000000000028B000-0x000000000029C000-memory.dmp

Filesize
68KB

Download
memory/1844-54-0x0000000075341000-0x0000000075343000-memory.dmp

Filesize
8KB

Download
memory/1844-56-0x00000000001C0000-0x00000000001C5000-memory.dmp

Filesize
20KB

Download
memory/1844-55-0x000000000028B000-0x000000000029C000-memory.dmp

Filesize
68KB

Download
memory/1844-57-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download