systembc | f75ff7d2557cde3b8745dc14ac93ea6c6876449549ee3f135a47b523e1cb6c6f

Analysis

Target

0f28f76319032731d48add6e6151dd43.exe
Size

233KB
MD5

0f28f76319032731d48add6e6151dd43
SHA1

c3eb544fd54c82318b46de7db1480bc91160dbbf
SHA256

f75ff7d2557cde3b8745dc14ac93ea6c6876449549ee3f135a47b523e1cb6c6f
SHA512

c65c1da71400098c2baaa0281c0c6407955f5f54eb7d532304c085798ba52eeb0881704fcb1fa5c56702b7ea10236d2d12a64477efb8776bf4b89d7ca662b69b

Score

10^/10

systembc trojan

Family

systembc

104.144.69.123:4001

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Drops file in Windows directory 2 IoCs

Processes:

0f28f76319032731d48add6e6151dd43.exe

description	ioc	process
File opened for modification	C:\Windows\Tasks\wow64.job	0f28f76319032731d48add6e6151dd43.exe
File created	C:\Windows\Tasks\wow64.job	0f28f76319032731d48add6e6151dd43.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

taskeng.exe

description	pid	process	target process
PID 944 wrote to memory of 1716	944	taskeng.exe	0f28f76319032731d48add6e6151dd43.exe
PID 944 wrote to memory of 1716	944	taskeng.exe	0f28f76319032731d48add6e6151dd43.exe
PID 944 wrote to memory of 1716	944	taskeng.exe	0f28f76319032731d48add6e6151dd43.exe
PID 944 wrote to memory of 1716	944	taskeng.exe	0f28f76319032731d48add6e6151dd43.exe

C:\Users\Admin\AppData\Local\Temp\0f28f76319032731d48add6e6151dd43.exe
"C:\Users\Admin\AppData\Local\Temp\0f28f76319032731d48add6e6151dd43.exe"
1⤵
- Drops file in Windows directory
PID:1052

C:\Windows\system32\taskeng.exe
taskeng.exe {9F0675BB-A8E6-4C07-905A-8DB5E451366A} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:944
- C:\Users\Admin\AppData\Local\Temp\0f28f76319032731d48add6e6151dd43.exe
  C:\Users\Admin\AppData\Local\Temp\0f28f76319032731d48add6e6151dd43.exe start
  2⤵
  PID:1716

memory/1052-54-0x000000000026F000-0x0000000000278000-memory.dmp

Filesize
36KB

Download
memory/1052-55-0x0000000075F71000-0x0000000075F73000-memory.dmp

Filesize
8KB

Download
memory/1052-56-0x000000000026F000-0x0000000000278000-memory.dmp

Filesize
36KB

Download
memory/1052-57-0x0000000000240000-0x0000000000245000-memory.dmp

Filesize
20KB

Download
memory/1052-58-0x0000000000400000-0x000000000046B000-memory.dmp

Filesize
428KB

Download
memory/1716-59-0x0000000000000000-mapping.dmp

Download
memory/1716-60-0x000000000028F000-0x0000000000298000-memory.dmp

Filesize
36KB

Download
memory/1716-62-0x000000000028F000-0x0000000000298000-memory.dmp

Filesize
36KB

Download
memory/1716-63-0x0000000000400000-0x000000000046B000-memory.dmp

Filesize
428KB

Download