Analysis
-
max time kernel
4294182s -
max time network
134s -
platform
windows7_x64 -
resource
win7-20220310-en -
submitted
19-03-2022 08:09
General
-
Target
db0408b16b1aa6c4d9c0c0d3eea7621e8c9be7800fbadaf509e7fd99b558658e.dll
-
Size
297KB
-
MD5
232c250165b98356b0c79bbcf746fe34
-
SHA1
89475dc297d9881eb80c6cd384816bfbf64edb7a
-
SHA256
db0408b16b1aa6c4d9c0c0d3eea7621e8c9be7800fbadaf509e7fd99b558658e
-
SHA512
a0a5d5b93c8b0cde5cff217d5e3b9aef65e1a5bb29f300265aa638cdb673bd950f072f752e4f931a724280e9640177e8cf6c6d715ea35e2900e5e65841e485c9
Score
10/10
Malware Config
Extracted
Family
systembc
C2
127-0-0-1.in:4001
Signatures
-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\db0408b16b1aa6c4d9c0c0d3eea7621e8c9be7800fbadaf509e7fd99b558658e.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\db0408b16b1aa6c4d9c0c0d3eea7621e8c9be7800fbadaf509e7fd99b558658e.dll2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1488-55-0x00000000757E1000-0x00000000757E3000-memory.dmpFilesize
8KB
-
memory/1488-56-0x0000000074A20000-0x0000000074A82000-memory.dmpFilesize
392KB
-
memory/1488-57-0x00000000001D0000-0x00000000001D1000-memory.dmpFilesize
4KB
-
memory/1488-58-0x0000000074A20000-0x0000000074A27000-memory.dmpFilesize
28KB
-
memory/1556-54-0x000007FEFBE81000-0x000007FEFBE83000-memory.dmpFilesize
8KB