systembc | db0408b16b1aa6c4d9c0c0d3eea7621e8c9be7800fbadaf509e7fd99b558658e

Analysis

Target

db0408b16b1aa6c4d9c0c0d3eea7621e8c9be7800fbadaf509e7fd99b558658e.dll
Size

297KB
MD5

232c250165b98356b0c79bbcf746fe34
SHA1

89475dc297d9881eb80c6cd384816bfbf64edb7a
SHA256

db0408b16b1aa6c4d9c0c0d3eea7621e8c9be7800fbadaf509e7fd99b558658e
SHA512

a0a5d5b93c8b0cde5cff217d5e3b9aef65e1a5bb29f300265aa638cdb673bd950f072f752e4f931a724280e9640177e8cf6c6d715ea35e2900e5e65841e485c9

Score

10^/10

systembc trojan

Family

systembc

127-0-0-1.in:4001

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1556 wrote to memory of 1488	1556	regsvr32.exe	regsvr32.exe
PID 1556 wrote to memory of 1488	1556	regsvr32.exe	regsvr32.exe
PID 1556 wrote to memory of 1488	1556	regsvr32.exe	regsvr32.exe
PID 1556 wrote to memory of 1488	1556	regsvr32.exe	regsvr32.exe
PID 1556 wrote to memory of 1488	1556	regsvr32.exe	regsvr32.exe
PID 1556 wrote to memory of 1488	1556	regsvr32.exe	regsvr32.exe
PID 1556 wrote to memory of 1488	1556	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\db0408b16b1aa6c4d9c0c0d3eea7621e8c9be7800fbadaf509e7fd99b558658e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1556
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\db0408b16b1aa6c4d9c0c0d3eea7621e8c9be7800fbadaf509e7fd99b558658e.dll
  2⤵
  PID:1488

memory/1488-55-0x00000000757E1000-0x00000000757E3000-memory.dmp

Filesize
8KB

Download
memory/1488-56-0x0000000074A20000-0x0000000074A82000-memory.dmp

Filesize
392KB

Download
memory/1488-57-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/1488-58-0x0000000074A20000-0x0000000074A27000-memory.dmp

Filesize
28KB

Download
memory/1556-54-0x000007FEFBE81000-0x000007FEFBE83000-memory.dmp

Filesize
8KB

Download