Resubmissions

12/11/2022, 11:37

221112-nrl73aab8v 10

03/11/2022, 07:26

221103-h9jl1afeh6 10

Analysis

  • max time kernel
    91s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/11/2022, 11:37

General

  • Target

    0915eb750b11e94953c1986391d89c8a.exe

  • Size

    9.6MB

  • MD5

    0915eb750b11e94953c1986391d89c8a

  • SHA1

    71486f38fdb43239ccf56b6349e0eaf86e68022a

  • SHA256

    d72645347b3fa6134cc416b6b9d73eec9d4ef2af4dbf26c6b91da795144c394c

  • SHA512

    aa9d1049c4ea0500782db8957f8d9ef8df707994c5ea8f9a8855b9c3d01f8f209f3165aa576b1b04ec7117fc3506aeb664259d7a310342b60b6f769d6303ce61

  • SSDEEP

    196608:P/JjqWE4GnFcaCCnTwaJ6qu8jKmEHEByu0cssD1MGQQtgIL:P/8tCWwaJju85X0hGgIL

Score
10/10

Malware Config

Extracted

Family

systembc

C2

filmsoneonline.com:4246

onlinefilmshome.com:4246

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0915eb750b11e94953c1986391d89c8a.exe
    "C:\Users\Admin\AppData\Local\Temp\0915eb750b11e94953c1986391d89c8a.exe"
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:740

Network

MITRE ATT&CK Matrix

Downloads

  • memory/740-132-0x0000000000400000-0x0000000001770000-memory.dmp
    Filesize
    19.4MB
  • memory/740-134-0x0000000000400000-0x0000000001770000-memory.dmp
    Filesize
    19.4MB
  • memory/740-135-0x0000000000400000-0x0000000001770000-memory.dmp
    Filesize
    19.4MB