Overview

overview

10

Static

static

776dea13d3...c2.exe

windows7_x64

10

776dea13d3...c2.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    181s
  • max time network
    197s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    24-03-2022 13:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    776dea13d3659a794cea95d8df98ef04d467959bf77358dba1ec06fb80a24bc2.exe

  • Size

    359KB

  • MD5

    e7257f950392e2d066876e0f2c0f4edc

  • SHA1

    85d70a406fec548e52086ea5da1c7d106be5c2c9

  • SHA256

    776dea13d3659a794cea95d8df98ef04d467959bf77358dba1ec06fb80a24bc2

  • SHA512

    885a33de76be19e876299a7e030e80ce734065d2bf46a0cea2900ea706197e6abf898ee24929e26040748a0fd1be53ae96d891b76051cce56f7bd34cb2e7690d

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

172.105.196.152:4114

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\776dea13d3659a794cea95d8df98ef04d467959bf77358dba1ec06fb80a24bc2.exe
    "C:\Users\Admin\AppData\Local\Temp\776dea13d3659a794cea95d8df98ef04d467959bf77358dba1ec06fb80a24bc2.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:5112
  • C:\ProgramData\ifjkln\wjui.exe
    C:\ProgramData\ifjkln\wjui.exe start
    1⤵
    • Executes dropped EXE
    PID:3020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\ifjkln\wjui.exe
    MD5

    e7257f950392e2d066876e0f2c0f4edc

    SHA1

    85d70a406fec548e52086ea5da1c7d106be5c2c9

    SHA256

    776dea13d3659a794cea95d8df98ef04d467959bf77358dba1ec06fb80a24bc2

    SHA512

    885a33de76be19e876299a7e030e80ce734065d2bf46a0cea2900ea706197e6abf898ee24929e26040748a0fd1be53ae96d891b76051cce56f7bd34cb2e7690d

    Download Submit
  • C:\ProgramData\ifjkln\wjui.exe
    MD5

    e7257f950392e2d066876e0f2c0f4edc

    SHA1

    85d70a406fec548e52086ea5da1c7d106be5c2c9

    SHA256

    776dea13d3659a794cea95d8df98ef04d467959bf77358dba1ec06fb80a24bc2

    SHA512

    885a33de76be19e876299a7e030e80ce734065d2bf46a0cea2900ea706197e6abf898ee24929e26040748a0fd1be53ae96d891b76051cce56f7bd34cb2e7690d

    Download Submit
  • memory/3020-136-0x0000000000400000-0x000000000055A000-memory.dmp
    Filesize

    1.4MB

    Download
  • memory/3020-137-0x0000000000400000-0x000000000055A000-memory.dmp
    Filesize

    1.4MB

    Download
  • memory/5112-130-0x0000000000400000-0x000000000055A000-memory.dmp
    Filesize

    1.4MB

    Download
  • memory/5112-131-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/5112-132-0x0000000000400000-0x000000000055A000-memory.dmp
    Filesize

    1.4MB

    Download