Behavioral Report

max time kernel61s
max time network138s
platformwindows7_x64
resourcewin7-20220414-en
submitted05-05-2022 14:42

Report
Files
Registry
Network
Processes
Mutex
Misc

Target

7b7328a020bf16f8a3915f1a0b4e7ecb.exe

Filesize

13KB

Completed

05-05-2022 14:44

Task

behavioral1

Score

10^/10

MD5

7b7328a020bf16f8a3915f1a0b4e7ecb

SHA1

dd3636d4d11c4a1b9618622cbf758c18dd89cffa

SHA256

e2cc138b0051fc6d2dce76941e2190d964c51754dac13705f63dad2941ccbba7

SHA256

cae2e70cc0e380f3d3cf50689ec36db97559bd9726c97c9b7016b05297f060c456e0e24a9e518eda258f9bdf999a760077946ff7755040ad5cb007768630f053

suricata

suricata: ET MALWARE Win32/SystemBC CnC Checkin

Description

suricata: ET MALWARE Win32/SystemBC CnC Checkin

Tags

suricata

Drops file in Windows directory

7b7328a020bf16f8a3915f1a0b4e7ecb.exe

Reported IOCs

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	7b7328a020bf16f8a3915f1a0b4e7ecb.exe
File opened for modification	C:\Windows\Tasks\wow64.job	7b7328a020bf16f8a3915f1a0b4e7ecb.exe

Suspicious use of WriteProcessMemory

taskeng.exe

Reported IOCs

description	pid	process	target process
PID 868 wrote to memory of 904	868	taskeng.exe	7b7328a020bf16f8a3915f1a0b4e7ecb.exe
PID 868 wrote to memory of 904	868	taskeng.exe	7b7328a020bf16f8a3915f1a0b4e7ecb.exe
PID 868 wrote to memory of 904	868	taskeng.exe	7b7328a020bf16f8a3915f1a0b4e7ecb.exe
PID 868 wrote to memory of 904	868	taskeng.exe	7b7328a020bf16f8a3915f1a0b4e7ecb.exe

C:\Users\Admin\AppData\Local\Temp\7b7328a020bf16f8a3915f1a0b4e7ecb.exe

"C:\Users\Admin\AppData\Local\Temp\7b7328a020bf16f8a3915f1a0b4e7ecb.exe"

Drops file in Windows directory

PID:316

C:\Windows\system32\taskeng.exe

taskeng.exe {458E4F8D-D453-44B5-9EF4-00E9074F635E} S-1-5-18:NT AUTHORITY\System:Service:

Suspicious use of WriteProcessMemory

PID:868

C:\Users\Admin\AppData\Local\Temp\7b7328a020bf16f8a3915f1a0b4e7ecb.exe

C:\Users\Admin\AppData\Local\Temp\7b7328a020bf16f8a3915f1a0b4e7ecb.exe start

PID:904

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

00:00 00:00

memory/316-54-0x0000000076431000-0x0000000076433000-memory.dmp

Download
memory/904-55-0x0000000000000000-mapping.dmp

Download

Filter: none

Description

Tags

Reported IOCs

Reported IOCs

Title