systembc | c926338972be5bdfdd89574f3dc2fe4d4f70fd4e24c1c6ac5d2439c7fcc50db5

Analysis

Target

module_e5_538_ae3f6af06a02781e995650761b3a82c6.exe
Size

1.4MB
MD5

ae3f6af06a02781e995650761b3a82c6
SHA1

ded2009c9a5645c7582b4d1e9bc2e7133689a774
SHA256

c926338972be5bdfdd89574f3dc2fe4d4f70fd4e24c1c6ac5d2439c7fcc50db5
SHA512

31c1009b7b658645b3371c8a7ee6e6953a50b42e529ee69365742b0f7deea1fcc90adf90e6b1522fff998a232a6abef8139003698da0b15856923ad202e4602f

Score

10^/10

systembc trojan

Family

systembc

96.30.196.207:4177

45.32.132.182:4177

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Drops file in Windows directory 2 IoCs

Processes:

module_e5_538_ae3f6af06a02781e995650761b3a82c6.exe

description	ioc	Process
File created	C:\Windows\Tasks\wow64.job	module_e5_538_ae3f6af06a02781e995650761b3a82c6.exe
File opened for modification	C:\Windows\Tasks\wow64.job	module_e5_538_ae3f6af06a02781e995650761b3a82c6.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

taskeng.exe

description	pid	Process	procid_target
PID 960 wrote to memory of 584	960	taskeng.exe	28
PID 960 wrote to memory of 584	960	taskeng.exe	28
PID 960 wrote to memory of 584	960	taskeng.exe	28
PID 960 wrote to memory of 584	960	taskeng.exe	28

C:\Users\Admin\AppData\Local\Temp\module_e5_538_ae3f6af06a02781e995650761b3a82c6.exe
"C:\Users\Admin\AppData\Local\Temp\module_e5_538_ae3f6af06a02781e995650761b3a82c6.exe"
1⤵
- Drops file in Windows directory
PID:956

C:\Windows\system32\taskeng.exe
taskeng.exe {F3F7F8A9-2B90-4CAE-8A4F-B5F00CFBBEC5} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:960
- C:\Users\Admin\AppData\Local\Temp\module_e5_538_ae3f6af06a02781e995650761b3a82c6.exe
  C:\Users\Admin\AppData\Local\Temp\module_e5_538_ae3f6af06a02781e995650761b3a82c6.exe start
  2⤵
  PID:584

memory/584-59-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/584-60-0x0000000000400000-0x0000000000568000-memory.dmp

Filesize
1.4MB

Download
memory/956-54-0x0000000076771000-0x0000000076773000-memory.dmp

Filesize
8KB

Download
memory/956-55-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/956-56-0x0000000000270000-0x0000000000275000-memory.dmp

Filesize
20KB

Download
memory/956-57-0x0000000000400000-0x0000000000568000-memory.dmp

Filesize
1.4MB

Download