Overview

overview

10

Static

static

dcf55c3817...e6.exe

windows7_x64

10

dcf55c3817...e6.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    191s
  • max time network
    211s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    07-05-2022 20:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dcf55c3817c98cb1b0092311f51d10154f501349611a8dcea2267c0424b935e6.exe

  • Size

    997KB

  • MD5

    47d94d73ed4ccd6a310a1527f47fcd8f

  • SHA1

    b229b65f8df84b82672fc7cc2777712adb739662

  • SHA256

    dcf55c3817c98cb1b0092311f51d10154f501349611a8dcea2267c0424b935e6

  • SHA512

    19244662bc12f11f37437a09715d180b7d436309a4c186db84fdb4b331e6e8862dbe7da8143ac16ecd671ff7412244bd5eb66816b9eacd5cfd3b0f7418171b54

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

185.33.84.190:4124

45.79.237.92:4124

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dcf55c3817c98cb1b0092311f51d10154f501349611a8dcea2267c0424b935e6.exe
    "C:\Users\Admin\AppData\Local\Temp\dcf55c3817c98cb1b0092311f51d10154f501349611a8dcea2267c0424b935e6.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:5104
  • C:\ProgramData\fvqwxjj\mxxw.exe
    C:\ProgramData\fvqwxjj\mxxw.exe start
    1⤵
    • Executes dropped EXE
    PID:4656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\fvqwxjj\mxxw.exe
    Filesize

    997KB

    MD5

    47d94d73ed4ccd6a310a1527f47fcd8f

    SHA1

    b229b65f8df84b82672fc7cc2777712adb739662

    SHA256

    dcf55c3817c98cb1b0092311f51d10154f501349611a8dcea2267c0424b935e6

    SHA512

    19244662bc12f11f37437a09715d180b7d436309a4c186db84fdb4b331e6e8862dbe7da8143ac16ecd671ff7412244bd5eb66816b9eacd5cfd3b0f7418171b54

    Download Submit
  • C:\ProgramData\fvqwxjj\mxxw.exe
    Filesize

    997KB

    MD5

    47d94d73ed4ccd6a310a1527f47fcd8f

    SHA1

    b229b65f8df84b82672fc7cc2777712adb739662

    SHA256

    dcf55c3817c98cb1b0092311f51d10154f501349611a8dcea2267c0424b935e6

    SHA512

    19244662bc12f11f37437a09715d180b7d436309a4c186db84fdb4b331e6e8862dbe7da8143ac16ecd671ff7412244bd5eb66816b9eacd5cfd3b0f7418171b54

    Download Submit
  • memory/4656-134-0x0000000000400000-0x0000000000502000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/5104-130-0x0000000002280000-0x00000000022C2000-memory.dmp
    Filesize

    264KB

    Download
  • memory/5104-131-0x0000000000400000-0x0000000000502000-memory.dmp
    Filesize

    1.0MB

    Download