Overview

overview

10

Static

static

d42f5b2eb3...c1.exe

windows7-x64

10

d42f5b2eb3...c1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    170s
  • max time network
    195s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220721-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-07-2022 06:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d42f5b2eb36690d5187c90c79a4589bcb1b80121da533deb1cf23b7a451b56c1.exe

  • Size

    165KB

  • MD5

    299fd6f018adf3df8f4c0c49f43f3841

  • SHA1

    16b95f12a1f30ea9f3d4c55fa468a5f7e8f5ef1e

  • SHA256

    d42f5b2eb36690d5187c90c79a4589bcb1b80121da533deb1cf23b7a451b56c1

  • SHA512

    cbfb0f7f0d5532ee2ca03f391980dbbbd031bf36f1d2b78140bc02ec5dd7c1b8dc8c0bb7d948ad56918a629959d5331a73047a91067e43760cadd3f942add886

Score
10/10
systembctrojan

Malware Config

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d42f5b2eb36690d5187c90c79a4589bcb1b80121da533deb1cf23b7a451b56c1.exe
    "C:\Users\Admin\AppData\Local\Temp\d42f5b2eb36690d5187c90c79a4589bcb1b80121da533deb1cf23b7a451b56c1.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:1136
  • C:\ProgramData\pckr\jvbd.exe
    C:\ProgramData\pckr\jvbd.exe start2
    1⤵
    • Executes dropped EXE
    PID:3592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\pckr\jvbd.exe
    Filesize

    165KB

    MD5

    299fd6f018adf3df8f4c0c49f43f3841

    SHA1

    16b95f12a1f30ea9f3d4c55fa468a5f7e8f5ef1e

    SHA256

    d42f5b2eb36690d5187c90c79a4589bcb1b80121da533deb1cf23b7a451b56c1

    SHA512

    cbfb0f7f0d5532ee2ca03f391980dbbbd031bf36f1d2b78140bc02ec5dd7c1b8dc8c0bb7d948ad56918a629959d5331a73047a91067e43760cadd3f942add886

    Download Submit
  • C:\ProgramData\pckr\jvbd.exe
    Filesize

    165KB

    MD5

    299fd6f018adf3df8f4c0c49f43f3841

    SHA1

    16b95f12a1f30ea9f3d4c55fa468a5f7e8f5ef1e

    SHA256

    d42f5b2eb36690d5187c90c79a4589bcb1b80121da533deb1cf23b7a451b56c1

    SHA512

    cbfb0f7f0d5532ee2ca03f391980dbbbd031bf36f1d2b78140bc02ec5dd7c1b8dc8c0bb7d948ad56918a629959d5331a73047a91067e43760cadd3f942add886

    Download Submit
  • memory/1136-131-0x0000000000400000-0x0000000000449000-memory.dmp
    Filesize

    292KB

    Download
  • memory/1136-130-0x000000000075B000-0x000000000075F000-memory.dmp
    Filesize

    16KB

    Download
  • memory/1136-136-0x0000000000400000-0x0000000000449000-memory.dmp
    Filesize

    292KB

    Download
  • memory/3592-134-0x000000000076A000-0x000000000076E000-memory.dmp
    Filesize

    16KB

    Download
  • memory/3592-135-0x0000000000400000-0x0000000000449000-memory.dmp
    Filesize

    292KB

    Download