e2cc138b0051fc6d2dce76941e2190d964c51754dac13705f63dad2941ccbba7 | Triage

Analysis

max time kernel
61s
max time network
138s
platform
windows7_x64
resource
win7-20220414-en
submitted
05-05-2022 14:42

Sharing

Report Analysis Logs

General

Target

7b7328a020bf16f8a3915f1a0b4e7ecb.exe
Size

13KB
MD5

7b7328a020bf16f8a3915f1a0b4e7ecb
SHA1

dd3636d4d11c4a1b9618622cbf758c18dd89cffa
SHA256

e2cc138b0051fc6d2dce76941e2190d964c51754dac13705f63dad2941ccbba7
SHA512

cae2e70cc0e380f3d3cf50689ec36db97559bd9726c97c9b7016b05297f060c456e0e24a9e518eda258f9bdf999a760077946ff7755040ad5cb007768630f053

Score

10^/10

suricata

Malware Config

Signatures

suricata: ET MALWARE Win32/SystemBC CnC Checkin
suricata: ET MALWARE Win32/SystemBC CnC Checkin
suricata

Drops file in Windows directory 2 IoCs

Processes:

7b7328a020bf16f8a3915f1a0b4e7ecb.exe

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	7b7328a020bf16f8a3915f1a0b4e7ecb.exe
File opened for modification	C:\Windows\Tasks\wow64.job	7b7328a020bf16f8a3915f1a0b4e7ecb.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

taskeng.exe

description	pid	process	target process
PID 868 wrote to memory of 904	868	taskeng.exe	7b7328a020bf16f8a3915f1a0b4e7ecb.exe
PID 868 wrote to memory of 904	868	taskeng.exe	7b7328a020bf16f8a3915f1a0b4e7ecb.exe
PID 868 wrote to memory of 904	868	taskeng.exe	7b7328a020bf16f8a3915f1a0b4e7ecb.exe
PID 868 wrote to memory of 904	868	taskeng.exe	7b7328a020bf16f8a3915f1a0b4e7ecb.exe

C:\Users\Admin\AppData\Local\Temp\7b7328a020bf16f8a3915f1a0b4e7ecb.exe
"C:\Users\Admin\AppData\Local\Temp\7b7328a020bf16f8a3915f1a0b4e7ecb.exe"
1⤵
- Drops file in Windows directory
PID:316

C:\Windows\system32\taskeng.exe
taskeng.exe {458E4F8D-D453-44B5-9EF4-00E9074F635E} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
- Suspicious use of WriteProcessMemory
PID:868

C:\Users\Admin\AppData\Local\Temp\7b7328a020bf16f8a3915f1a0b4e7ecb.exe
C:\Users\Admin\AppData\Local\Temp\7b7328a020bf16f8a3915f1a0b4e7ecb.exe start
2⤵
PID:904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/316-54-0x0000000076431000-0x0000000076433000-memory.dmp

Filesize
8KB

Download
memory/904-55-0x0000000000000000-mapping.dmp

Download