Overview

overview

10

Static

static

142939679a...3e.exe

windows7_x64

10

142939679a...3e.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    28-03-2022 07:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    142939679afaeaf6cf66d3b80ea7d63e.exe

  • Size

    255KB

  • MD5

    142939679afaeaf6cf66d3b80ea7d63e

  • SHA1

    149465fd8b48f262bcf361047bb8035b5b1f33a2

  • SHA256

    64efd694a2e536ed7265fb46da5198788d895a9b7b9c2434404209b61c143a5f

  • SHA512

    bed423909f581415e80bf44960c5415f2527eee02cfd39b6201c1d67831be1dbefe27d58b27e4118cfddbeee42251596fa1f6e8912d6b22143dd75cf455561b8

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

31.44.185.6:4001

31.44.185.11:4001

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\142939679afaeaf6cf66d3b80ea7d63e.exe
    "C:\Users\Admin\AppData\Local\Temp\142939679afaeaf6cf66d3b80ea7d63e.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:1540
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 948
      2⤵
      • Program crash
      PID:4920
  • C:\ProgramData\cpvctu\qwagbnj.exe
    C:\ProgramData\cpvctu\qwagbnj.exe start
    1⤵
    • Executes dropped EXE
    PID:3484
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 1540 -ip 1540
    1⤵
      PID:4956

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\cpvctu\qwagbnj.exe
      Filesize

      255KB

      MD5

      142939679afaeaf6cf66d3b80ea7d63e

      SHA1

      149465fd8b48f262bcf361047bb8035b5b1f33a2

      SHA256

      64efd694a2e536ed7265fb46da5198788d895a9b7b9c2434404209b61c143a5f

      SHA512

      bed423909f581415e80bf44960c5415f2527eee02cfd39b6201c1d67831be1dbefe27d58b27e4118cfddbeee42251596fa1f6e8912d6b22143dd75cf455561b8

      Download Submit

    • C:\ProgramData\cpvctu\qwagbnj.exe
      Filesize

      255KB

      MD5

      142939679afaeaf6cf66d3b80ea7d63e

      SHA1

      149465fd8b48f262bcf361047bb8035b5b1f33a2

      SHA256

      64efd694a2e536ed7265fb46da5198788d895a9b7b9c2434404209b61c143a5f

      SHA512

      bed423909f581415e80bf44960c5415f2527eee02cfd39b6201c1d67831be1dbefe27d58b27e4118cfddbeee42251596fa1f6e8912d6b22143dd75cf455561b8

      Download Submit

    • memory/1540-130-0x00000000006F8000-0x0000000000701000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1540-131-0x00000000006F8000-0x0000000000701000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1540-132-0x00000000001F0000-0x00000000001F9000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1540-133-0x0000000000400000-0x0000000000482000-memory.dmp

      Filesize

      520KB

      Download

    • memory/3484-136-0x0000000000685000-0x000000000068E000-memory.dmp

      Filesize

      36KB

      Download

    • memory/3484-137-0x0000000000685000-0x000000000068E000-memory.dmp

      Filesize

      36KB

      Download

    • memory/3484-138-0x0000000000400000-0x0000000000482000-memory.dmp

      Filesize

      520KB

      Download