systembc | 1962f91125c15839d9e18b7273f1831cae8a191c574577210dda1a424e9e7628

Analysis

max time kernel
185s
max time network
252s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
25-09-2022 00:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

socksupd.exe
Size

197KB
MD5

57eb1430903457db36a36023304f8a38
SHA1

831f481eebdf994a1cfacca5a9f53e1f6f93e0fd
SHA256

1962f91125c15839d9e18b7273f1831cae8a191c574577210dda1a424e9e7628
SHA512

a33af94ab2083e6beb5631ce4ff8c5340b4bf10e7a15727aef6817ec4dfd7c6771f90abc8bca397319d571cc8c165c7182528bab2e962f168530b7a496da683e
SSDEEP

3072:L6oyUN8LiJ4Ut3Fec85snm3HlR0zMgilHB9tEOzOGI8pJ/CB9XB/PkF4x:LXoLilt3FeKm1RgMrlHB92O+8pu

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

109.107.187.226:4001

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc
Executes dropped EXE 2 IoCs

Processes:

iodkmtj.exeiodkmtj.exe

pid process

1732 iodkmtj.exe
4476 iodkmtj.exe
Drops file in Windows directory 2 IoCs

Processes:

socksupd.exe

description ioc process

File created C:\Windows\Tasks\iodkmtj.job socksupd.exe
File opened for modification C:\Windows\Tasks\iodkmtj.job socksupd.exe
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

1808 1124 WerFault.exe socksupd.exe
3400 1732 WerFault.exe iodkmtj.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

socksupd.exe

pid process

1124 socksupd.exe
1124 socksupd.exe

pid	process
1732	iodkmtj.exe
4476	iodkmtj.exe

description	ioc	process
File created	C:\Windows\Tasks\iodkmtj.job	socksupd.exe
File opened for modification	C:\Windows\Tasks\iodkmtj.job	socksupd.exe

pid	pid_target	process	target process
1808	1124	WerFault.exe	socksupd.exe
3400	1732	WerFault.exe	iodkmtj.exe

pid	process
1124	socksupd.exe
1124	socksupd.exe

C:\Users\Admin\AppData\Local\Temp\socksupd.exe
"C:\Users\Admin\AppData\Local\Temp\socksupd.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:1124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 956
2⤵
- Program crash
PID:1808

C:\ProgramData\dpixtcw\iodkmtj.exe
C:\ProgramData\dpixtcw\iodkmtj.exe start2
1⤵
- Executes dropped EXE
PID:1732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 256
2⤵
- Program crash
PID:3400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 1124 -ip 1124
1⤵
PID:4084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 1732 -ip 1732
1⤵
PID:3480

C:\ProgramData\dpixtcw\iodkmtj.exe
C:\ProgramData\dpixtcw\iodkmtj.exe start2
1⤵
- Executes dropped EXE
PID:4476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\dpixtcw\iodkmtj.exe
Filesize
197KB

MD5
57eb1430903457db36a36023304f8a38

SHA1
831f481eebdf994a1cfacca5a9f53e1f6f93e0fd

SHA256
1962f91125c15839d9e18b7273f1831cae8a191c574577210dda1a424e9e7628

SHA512
a33af94ab2083e6beb5631ce4ff8c5340b4bf10e7a15727aef6817ec4dfd7c6771f90abc8bca397319d571cc8c165c7182528bab2e962f168530b7a496da683e

Download Submit
C:\ProgramData\dpixtcw\iodkmtj.exe
Filesize
197KB

MD5
57eb1430903457db36a36023304f8a38

SHA1
831f481eebdf994a1cfacca5a9f53e1f6f93e0fd

SHA256
1962f91125c15839d9e18b7273f1831cae8a191c574577210dda1a424e9e7628

SHA512
a33af94ab2083e6beb5631ce4ff8c5340b4bf10e7a15727aef6817ec4dfd7c6771f90abc8bca397319d571cc8c165c7182528bab2e962f168530b7a496da683e

Download Submit
C:\ProgramData\dpixtcw\iodkmtj.exe
Filesize
197KB

MD5
57eb1430903457db36a36023304f8a38

SHA1
831f481eebdf994a1cfacca5a9f53e1f6f93e0fd

SHA256
1962f91125c15839d9e18b7273f1831cae8a191c574577210dda1a424e9e7628

SHA512
a33af94ab2083e6beb5631ce4ff8c5340b4bf10e7a15727aef6817ec4dfd7c6771f90abc8bca397319d571cc8c165c7182528bab2e962f168530b7a496da683e

Download Submit
memory/1124-135-0x00000000006A8000-0x00000000006B9000-memory.dmp

Filesize
68KB

Download
memory/1124-136-0x0000000000650000-0x0000000000655000-memory.dmp

Filesize
20KB

Download
memory/1124-132-0x00000000006A8000-0x00000000006B9000-memory.dmp

Filesize
68KB

Download
memory/1124-134-0x0000000000400000-0x000000000058B000-memory.dmp

Filesize
1.5MB

Download
memory/1124-141-0x00000000006A8000-0x00000000006B9000-memory.dmp

Filesize
68KB

Download
memory/1124-133-0x0000000000650000-0x0000000000655000-memory.dmp

Filesize
20KB

Download
memory/1732-139-0x00000000005C8000-0x00000000005D8000-memory.dmp

Filesize
64KB

Download
memory/1732-140-0x0000000000400000-0x000000000058B000-memory.dmp

Filesize
1.5MB

Download
memory/1732-142-0x00000000005C8000-0x00000000005D8000-memory.dmp

Filesize
64KB

Download
memory/4476-144-0x000000000067C000-0x000000000068C000-memory.dmp

Filesize
64KB

Download
memory/4476-145-0x0000000000400000-0x000000000058B000-memory.dmp

Filesize
1.5MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads