Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

socksupd.exe

windows7-x64

10

socksupd.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    185s
  • max time network
    252s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/09/2022, 00:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    socksupd.exe

  • Size

    197KB

  • MD5

    57eb1430903457db36a36023304f8a38

  • SHA1

    831f481eebdf994a1cfacca5a9f53e1f6f93e0fd

  • SHA256

    1962f91125c15839d9e18b7273f1831cae8a191c574577210dda1a424e9e7628

  • SHA512

    a33af94ab2083e6beb5631ce4ff8c5340b4bf10e7a15727aef6817ec4dfd7c6771f90abc8bca397319d571cc8c165c7182528bab2e962f168530b7a496da683e

  • SSDEEP

    3072:L6oyUN8LiJ4Ut3Fec85snm3HlR0zMgilHB9tEOzOGI8pJ/CB9XB/PkF4x:LXoLilt3FeKm1RgMrlHB92O+8pu

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

109.107.187.226:4001

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Executes dropped EXE 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\socksupd.exe
    "C:\Users\Admin\AppData\Local\Temp\socksupd.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:1124
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 956
      2⤵
      • Program crash
      PID:1808
  • C:\ProgramData\dpixtcw\iodkmtj.exe
    C:\ProgramData\dpixtcw\iodkmtj.exe start2
    1⤵
    • Executes dropped EXE
    PID:1732
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 256
      2⤵
      • Program crash
      PID:3400
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 1124 -ip 1124
    1⤵
      PID:4084
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 1732 -ip 1732
      1⤵
        PID:3480
      • C:\ProgramData\dpixtcw\iodkmtj.exe
        C:\ProgramData\dpixtcw\iodkmtj.exe start2
        1⤵
        • Executes dropped EXE
        PID:4476

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ProgramData\dpixtcw\iodkmtj.exe
        Filesize

        197KB

        MD5

        57eb1430903457db36a36023304f8a38

        SHA1

        831f481eebdf994a1cfacca5a9f53e1f6f93e0fd

        SHA256

        1962f91125c15839d9e18b7273f1831cae8a191c574577210dda1a424e9e7628

        SHA512

        a33af94ab2083e6beb5631ce4ff8c5340b4bf10e7a15727aef6817ec4dfd7c6771f90abc8bca397319d571cc8c165c7182528bab2e962f168530b7a496da683e

        Download Submit

      • C:\ProgramData\dpixtcw\iodkmtj.exe
        Filesize

        197KB

        MD5

        57eb1430903457db36a36023304f8a38

        SHA1

        831f481eebdf994a1cfacca5a9f53e1f6f93e0fd

        SHA256

        1962f91125c15839d9e18b7273f1831cae8a191c574577210dda1a424e9e7628

        SHA512

        a33af94ab2083e6beb5631ce4ff8c5340b4bf10e7a15727aef6817ec4dfd7c6771f90abc8bca397319d571cc8c165c7182528bab2e962f168530b7a496da683e

        Download Submit

      • C:\ProgramData\dpixtcw\iodkmtj.exe
        Filesize

        197KB

        MD5

        57eb1430903457db36a36023304f8a38

        SHA1

        831f481eebdf994a1cfacca5a9f53e1f6f93e0fd

        SHA256

        1962f91125c15839d9e18b7273f1831cae8a191c574577210dda1a424e9e7628

        SHA512

        a33af94ab2083e6beb5631ce4ff8c5340b4bf10e7a15727aef6817ec4dfd7c6771f90abc8bca397319d571cc8c165c7182528bab2e962f168530b7a496da683e

        Download Submit

      • memory/1124-135-0x00000000006A8000-0x00000000006B9000-memory.dmp

        Filesize

        68KB

        Download

      • memory/1124-136-0x0000000000650000-0x0000000000655000-memory.dmp

        Filesize

        20KB

        Download

      • memory/1124-132-0x00000000006A8000-0x00000000006B9000-memory.dmp

        Filesize

        68KB

        Download

      • memory/1124-134-0x0000000000400000-0x000000000058B000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/1124-141-0x00000000006A8000-0x00000000006B9000-memory.dmp

        Filesize

        68KB

        Download

      • memory/1124-133-0x0000000000650000-0x0000000000655000-memory.dmp

        Filesize

        20KB

        Download

      • memory/1732-139-0x00000000005C8000-0x00000000005D8000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1732-140-0x0000000000400000-0x000000000058B000-memory.dmp

        Filesize

        1.5MB

        Download

      • memory/1732-142-0x00000000005C8000-0x00000000005D8000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4476-144-0x000000000067C000-0x000000000068C000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4476-145-0x0000000000400000-0x000000000058B000-memory.dmp

        Filesize

        1.5MB

        Download