Overview

overview

10

Static

static

1084219642...93.exe

windows7_x64

10

1084219642...93.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    4294178s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20220310-en
  • submitted
    27-03-2022 17:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1084219642d497a177c7a02c9c31b193.exe

  • Size

    230KB

  • MD5

    1084219642d497a177c7a02c9c31b193

  • SHA1

    d98644be834e7d3d12346956986f40fb6f50cdf9

  • SHA256

    7861180570ecfb48fccc3e1cff748974c64e58c31530aee4f9243af810200cc3

  • SHA512

    a9e47b2fc6c67ce395adf4f74d4eeb0ecd6ebe79062b61625acb95b6ce7fce0f95adb0b10985ade965c61190564c2a2345be119c3c5c4a6bd99e346495dd82bb

Score
10/10
systembcsuricatatrojan

Malware Config

Extracted

Family

systembc

C2

31.44.185.6:4001

31.44.185.11:4001

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)

    suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)

    suricata
  • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    suricata
  • suricata: ET MALWARE Win32/SystemBC CnC Checkin

    suricata: ET MALWARE Win32/SystemBC CnC Checkin

    suricata
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1084219642d497a177c7a02c9c31b193.exe
    "C:\Users\Admin\AppData\Local\Temp\1084219642d497a177c7a02c9c31b193.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:1436
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {C4512A4B-1CA9-42A9-B3E5-3EC43CF4566A} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1312
    • C:\ProgramData\uwuvc\enqip.exe
      C:\ProgramData\uwuvc\enqip.exe start
      2⤵
      • Executes dropped EXE
      PID:772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\uwuvc\enqip.exe
    Filesize

    230KB

    MD5

    1084219642d497a177c7a02c9c31b193

    SHA1

    d98644be834e7d3d12346956986f40fb6f50cdf9

    SHA256

    7861180570ecfb48fccc3e1cff748974c64e58c31530aee4f9243af810200cc3

    SHA512

    a9e47b2fc6c67ce395adf4f74d4eeb0ecd6ebe79062b61625acb95b6ce7fce0f95adb0b10985ade965c61190564c2a2345be119c3c5c4a6bd99e346495dd82bb

    Download Submit
  • C:\ProgramData\uwuvc\enqip.exe
    Filesize

    230KB

    MD5

    1084219642d497a177c7a02c9c31b193

    SHA1

    d98644be834e7d3d12346956986f40fb6f50cdf9

    SHA256

    7861180570ecfb48fccc3e1cff748974c64e58c31530aee4f9243af810200cc3

    SHA512

    a9e47b2fc6c67ce395adf4f74d4eeb0ecd6ebe79062b61625acb95b6ce7fce0f95adb0b10985ade965c61190564c2a2345be119c3c5c4a6bd99e346495dd82bb

    Download Submit
  • memory/772-60-0x0000000000000000-mapping.dmp
    Download
  • memory/772-62-0x000000000064E000-0x0000000000656000-memory.dmp
    Filesize

    32KB

    Download
  • memory/772-64-0x000000000064E000-0x0000000000656000-memory.dmp
    Filesize

    32KB

    Download
  • memory/772-65-0x0000000000400000-0x000000000047C000-memory.dmp
    Filesize

    496KB

    Download
  • memory/1436-54-0x000000000053E000-0x0000000000547000-memory.dmp
    Filesize

    36KB

    Download
  • memory/1436-55-0x0000000074DE1000-0x0000000074DE3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1436-56-0x000000000053E000-0x0000000000547000-memory.dmp
    Filesize

    36KB

    Download
  • memory/1436-57-0x0000000000220000-0x0000000000229000-memory.dmp
    Filesize

    36KB

    Download
  • memory/1436-58-0x0000000000400000-0x000000000047C000-memory.dmp
    Filesize

    496KB

    Download