Overview

overview

10

Static

static

57eb143090...38.exe

windows7-x64

10

57eb143090...38.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    111s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-09-2022 16:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    57eb1430903457db36a36023304f8a38.exe

  • Size

    197KB

  • MD5

    57eb1430903457db36a36023304f8a38

  • SHA1

    831f481eebdf994a1cfacca5a9f53e1f6f93e0fd

  • SHA256

    1962f91125c15839d9e18b7273f1831cae8a191c574577210dda1a424e9e7628

  • SHA512

    a33af94ab2083e6beb5631ce4ff8c5340b4bf10e7a15727aef6817ec4dfd7c6771f90abc8bca397319d571cc8c165c7182528bab2e962f168530b7a496da683e

  • SSDEEP

    3072:L6oyUN8LiJ4Ut3Fec85snm3HlR0zMgilHB9tEOzOGI8pJ/CB9XB/PkF4x:LXoLilt3FeKm1RgMrlHB92O+8pu

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

109.107.187.226:4001

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Executes dropped EXE 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\57eb1430903457db36a36023304f8a38.exe
    "C:\Users\Admin\AppData\Local\Temp\57eb1430903457db36a36023304f8a38.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:1048
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 948
      2⤵
      • Program crash
      PID:3004
  • C:\ProgramData\bcjb\irftf.exe
    C:\ProgramData\bcjb\irftf.exe start2
    1⤵
    • Executes dropped EXE
    PID:1104
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 476
      2⤵
      • Program crash
      PID:900
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1048 -ip 1048
    1⤵
      PID:3952
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 1104 -ip 1104
      1⤵
        PID:2844
      • C:\ProgramData\bcjb\irftf.exe
        C:\ProgramData\bcjb\irftf.exe start2
        1⤵
        • Executes dropped EXE
        PID:4348

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ProgramData\bcjb\irftf.exe
        Filesize

        197KB

        MD5

        57eb1430903457db36a36023304f8a38

        SHA1

        831f481eebdf994a1cfacca5a9f53e1f6f93e0fd

        SHA256

        1962f91125c15839d9e18b7273f1831cae8a191c574577210dda1a424e9e7628

        SHA512

        a33af94ab2083e6beb5631ce4ff8c5340b4bf10e7a15727aef6817ec4dfd7c6771f90abc8bca397319d571cc8c165c7182528bab2e962f168530b7a496da683e

        Download Submit
      • C:\ProgramData\bcjb\irftf.exe
        Filesize

        197KB

        MD5

        57eb1430903457db36a36023304f8a38

        SHA1

        831f481eebdf994a1cfacca5a9f53e1f6f93e0fd

        SHA256

        1962f91125c15839d9e18b7273f1831cae8a191c574577210dda1a424e9e7628

        SHA512

        a33af94ab2083e6beb5631ce4ff8c5340b4bf10e7a15727aef6817ec4dfd7c6771f90abc8bca397319d571cc8c165c7182528bab2e962f168530b7a496da683e

        Download Submit
      • C:\ProgramData\bcjb\irftf.exe
        Filesize

        197KB

        MD5

        57eb1430903457db36a36023304f8a38

        SHA1

        831f481eebdf994a1cfacca5a9f53e1f6f93e0fd

        SHA256

        1962f91125c15839d9e18b7273f1831cae8a191c574577210dda1a424e9e7628

        SHA512

        a33af94ab2083e6beb5631ce4ff8c5340b4bf10e7a15727aef6817ec4dfd7c6771f90abc8bca397319d571cc8c165c7182528bab2e962f168530b7a496da683e

        Download Submit
      • memory/1048-132-0x0000000000748000-0x0000000000759000-memory.dmp
        Filesize

        68KB

        Download
      • memory/1048-133-0x0000000000720000-0x0000000000725000-memory.dmp
        Filesize

        20KB

        Download
      • memory/1048-134-0x0000000000400000-0x000000000058B000-memory.dmp
        Filesize

        1.5MB

        Download
      • memory/1048-139-0x0000000000748000-0x0000000000759000-memory.dmp
        Filesize

        68KB

        Download
      • memory/1104-137-0x00000000006E8000-0x00000000006F8000-memory.dmp
        Filesize

        64KB

        Download
      • memory/1104-138-0x0000000000400000-0x000000000058B000-memory.dmp
        Filesize

        1.5MB

        Download
      • memory/1104-140-0x00000000006E8000-0x00000000006F8000-memory.dmp
        Filesize

        64KB

        Download
      • memory/4348-142-0x000000000061C000-0x000000000062C000-memory.dmp
        Filesize

        64KB

        Download
      • memory/4348-143-0x0000000000400000-0x000000000058B000-memory.dmp
        Filesize

        1.5MB

        Download