systembc | f9ff6bac08394cce4b892bc5875e3970bcdfaa83f3d7613b7f55968b410e85d7

Analysis

max time kernel
131s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 17:48

Target

507d8c2edb4500f479f31320aeae9940.exe
Size

792KB
MD5

507d8c2edb4500f479f31320aeae9940
SHA1

d893a91a87cde424c90e699420f5c2235348e913
SHA256

f9ff6bac08394cce4b892bc5875e3970bcdfaa83f3d7613b7f55968b410e85d7
SHA512

e49a05e6375fd6212c57d6643ecbdcb52f641843a28bb4381256e5c422cb760c87810bcbbb15ceb0cd4dc9231a45e9369e2c6334778ac4f998a5043176183bb7
SSDEEP

12288:+dpeb+ZKEqYDVVh/jQe9rZnuRX1klztojDMCSEPXMjSGaZlUP9XqZCphS5p:+dpXKEFDVZ9rZnuYojIC3M9XqkPM

Score

10^/10

systembc trojan

Family

systembc

146.70.86.61:443

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Drops file in Windows directory 2 IoCs

Processes:

507d8c2edb4500f479f31320aeae9940.exe

description	ioc	process
File created	C:\Windows\Tasks\tunbo.job	507d8c2edb4500f479f31320aeae9940.exe
File opened for modification	C:\Windows\Tasks\tunbo.job	507d8c2edb4500f479f31320aeae9940.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

507d8c2edb4500f479f31320aeae9940.exe

pid process

2032 507d8c2edb4500f479f31320aeae9940.exe

pid	process
2032	507d8c2edb4500f479f31320aeae9940.exe

C:\Windows\system32\taskeng.exe
taskeng.exe {486573DE-3BF7-4690-AFFD-FA4C03CACE05} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
PID:580

memory/2032-54-0x00000000003F0000-0x0000000000409000-memory.dmp

Filesize
100KB

Download
memory/2032-55-0x0000000075531000-0x0000000075533000-memory.dmp

Filesize
8KB

Download
memory/2032-56-0x0000000000410000-0x000000000041B000-memory.dmp

Filesize
44KB

Download