systembc | 2dd3e669bd3b9727e7b744198c7ad0399a89c5e4287f8572fb9f19aaca93c961

General

Target

2dd3e669bd3b9727e7b744198c7ad0399a89c5e4287f8572fb9f19aaca93c961.exe
Size

289KB
MD5

375389bf695377358b96e03c5b091a6e
SHA1

c03751ce0025d329fc07c604d41cda77c03858b3
SHA256

2dd3e669bd3b9727e7b744198c7ad0399a89c5e4287f8572fb9f19aaca93c961
SHA512

4c34f930fa6cc6eca979fb0b1d94384398f21674a93164a76825eff2b1e8a249534c941177920d4ca81defa4fc130e897a958e472185341354293ac7416bd30f

Score

10^/10

systembc trojan

Family

systembc

C2

mdadvertx17.xyz:4044

pkspacex19.xyz:4044

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc
Executes dropped EXE 1 IoCs

Processes:

tdifdm.exe

pid process

856 tdifdm.exe

pid	process
856	tdifdm.exe

Drops file in Windows directory 2 IoCs

Processes:

2dd3e669bd3b9727e7b744198c7ad0399a89c5e4287f8572fb9f19aaca93c961.exe

description	ioc	process
File created	C:\Windows\Tasks\tdifdm.job	2dd3e669bd3b9727e7b744198c7ad0399a89c5e4287f8572fb9f19aaca93c961.exe
File opened for modification	C:\Windows\Tasks\tdifdm.job	2dd3e669bd3b9727e7b744198c7ad0399a89c5e4287f8572fb9f19aaca93c961.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

2dd3e669bd3b9727e7b744198c7ad0399a89c5e4287f8572fb9f19aaca93c961.exe

pid process

1972 2dd3e669bd3b9727e7b744198c7ad0399a89c5e4287f8572fb9f19aaca93c961.exe

pid	process
1972	2dd3e669bd3b9727e7b744198c7ad0399a89c5e4287f8572fb9f19aaca93c961.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

taskeng.exe

description	pid	process	target process
PID 1368 wrote to memory of 856	1368	taskeng.exe	tdifdm.exe
PID 1368 wrote to memory of 856	1368	taskeng.exe	tdifdm.exe
PID 1368 wrote to memory of 856	1368	taskeng.exe	tdifdm.exe
PID 1368 wrote to memory of 856	1368	taskeng.exe	tdifdm.exe

C:\Windows\system32\taskeng.exe
taskeng.exe {6FF2F842-31EF-41E2-96F9-3F49B95C12E9} S-1-5-21-2277218442-1199762539-2004043321-1000:AUVQQRRF\Admin:Interactive:[1]
1⤵
- Suspicious use of WriteProcessMemory
PID:1368

C:\ProgramData\uskkepe\tdifdm.exe
C:\ProgramData\uskkepe\tdifdm.exe start2
2⤵
- Executes dropped EXE
PID:856

C:\ProgramData\uskkepe\tdifdm.exe
Filesize
289KB

MD5
375389bf695377358b96e03c5b091a6e

SHA1
c03751ce0025d329fc07c604d41cda77c03858b3

SHA256
2dd3e669bd3b9727e7b744198c7ad0399a89c5e4287f8572fb9f19aaca93c961

SHA512
4c34f930fa6cc6eca979fb0b1d94384398f21674a93164a76825eff2b1e8a249534c941177920d4ca81defa4fc130e897a958e472185341354293ac7416bd30f

Download Submit
C:\ProgramData\uskkepe\tdifdm.exe
Filesize
289KB

MD5
375389bf695377358b96e03c5b091a6e

SHA1
c03751ce0025d329fc07c604d41cda77c03858b3

SHA256
2dd3e669bd3b9727e7b744198c7ad0399a89c5e4287f8572fb9f19aaca93c961

SHA512
4c34f930fa6cc6eca979fb0b1d94384398f21674a93164a76825eff2b1e8a249534c941177920d4ca81defa4fc130e897a958e472185341354293ac7416bd30f

Download Submit
memory/856-60-0x0000000000000000-mapping.dmp

Download
memory/856-63-0x00000000004FA000-0x0000000000500000-memory.dmp

Filesize
24KB

Download
memory/856-64-0x0000000000400000-0x000000000046B000-memory.dmp

Filesize
428KB

Download
memory/1972-54-0x0000000076721000-0x0000000076723000-memory.dmp

Filesize
8KB

Download
memory/1972-56-0x0000000000020000-0x0000000000029000-memory.dmp

Filesize
36KB

Download
memory/1972-55-0x00000000002EA000-0x00000000002F0000-memory.dmp

Filesize
24KB

Download
memory/1972-57-0x0000000000400000-0x000000000046B000-memory.dmp

Filesize
428KB

Download
memory/1972-58-0x00000000002EA000-0x00000000002F0000-memory.dmp

Filesize
24KB

Download