systembc | c926338972be5bdfdd89574f3dc2fe4d4f70fd4e24c1c6ac5d2439c7fcc50db5

Analysis

Target

module_e5_538_ae3f6af06a02781e995650761b3a82c6.exe
Size

1.4MB
MD5

ae3f6af06a02781e995650761b3a82c6
SHA1

ded2009c9a5645c7582b4d1e9bc2e7133689a774
SHA256

c926338972be5bdfdd89574f3dc2fe4d4f70fd4e24c1c6ac5d2439c7fcc50db5
SHA512

31c1009b7b658645b3371c8a7ee6e6953a50b42e529ee69365742b0f7deea1fcc90adf90e6b1522fff998a232a6abef8139003698da0b15856923ad202e4602f

Score

10^/10

systembc trojan

Family

systembc

96.30.196.207:4177

45.32.132.182:4177

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Drops file in Windows directory 2 IoCs

Processes:

module_e5_538_ae3f6af06a02781e995650761b3a82c6.exe

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	module_e5_538_ae3f6af06a02781e995650761b3a82c6.exe
File opened for modification	C:\Windows\Tasks\wow64.job	module_e5_538_ae3f6af06a02781e995650761b3a82c6.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

taskeng.exe

description	pid	process	target process
PID 960 wrote to memory of 584	960	taskeng.exe	module_e5_538_ae3f6af06a02781e995650761b3a82c6.exe
PID 960 wrote to memory of 584	960	taskeng.exe	module_e5_538_ae3f6af06a02781e995650761b3a82c6.exe
PID 960 wrote to memory of 584	960	taskeng.exe	module_e5_538_ae3f6af06a02781e995650761b3a82c6.exe
PID 960 wrote to memory of 584	960	taskeng.exe	module_e5_538_ae3f6af06a02781e995650761b3a82c6.exe

C:\Users\Admin\AppData\Local\Temp\module_e5_538_ae3f6af06a02781e995650761b3a82c6.exe
"C:\Users\Admin\AppData\Local\Temp\module_e5_538_ae3f6af06a02781e995650761b3a82c6.exe"
1⤵
- Drops file in Windows directory
PID:956

C:\Windows\system32\taskeng.exe
taskeng.exe {F3F7F8A9-2B90-4CAE-8A4F-B5F00CFBBEC5} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:960

C:\Users\Admin\AppData\Local\Temp\module_e5_538_ae3f6af06a02781e995650761b3a82c6.exe
C:\Users\Admin\AppData\Local\Temp\module_e5_538_ae3f6af06a02781e995650761b3a82c6.exe start
2⤵
PID:584

memory/584-59-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/584-60-0x0000000000400000-0x0000000000568000-memory.dmp

Filesize
1.4MB

Download
memory/956-54-0x0000000076771000-0x0000000076773000-memory.dmp

Filesize
8KB

Download
memory/956-55-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/956-56-0x0000000000270000-0x0000000000275000-memory.dmp

Filesize
20KB

Download
memory/956-57-0x0000000000400000-0x0000000000568000-memory.dmp

Filesize
1.4MB

Download