Overview

overview

10

Static

static

304d2fc82e...d3.exe

windows7-x64

10

304d2fc82e...d3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    191s
  • max time network
    224s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-11-2022 15:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    304d2fc82e2398804364c5b2da3fe43ed9a3f5581883134f4b2ac68ec76326d3.exe

  • Size

    163KB

  • MD5

    07c48efec256157d37cfad4f429050f6

  • SHA1

    95ee9560e06a1b7f6ca2e88c3a86987d3fcc5b1e

  • SHA256

    304d2fc82e2398804364c5b2da3fe43ed9a3f5581883134f4b2ac68ec76326d3

  • SHA512

    a47fc8d88e0cf03382db2e1a5d194834fa7e6add376402fbac4b5ca46bc6de06e4ff8ee1a605e209a0cc3a16d3b498bfa2fb2d2b00c8b1cd7d8a6b8d16d816ac

  • SSDEEP

    3072:VbeMh5pve3qP87Lp56bkqe5WfSCQ5I7HWYLS4dt1f3RaNewDDp:V35pm3w87MkqeISCgIjBLS4v1paLDp

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

89.248.163.218:443

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\304d2fc82e2398804364c5b2da3fe43ed9a3f5581883134f4b2ac68ec76326d3.exe
    "C:\Users\Admin\AppData\Local\Temp\304d2fc82e2398804364c5b2da3fe43ed9a3f5581883134f4b2ac68ec76326d3.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:3328
  • C:\ProgramData\gqxxc\uwxs.exe
    C:\ProgramData\gqxxc\uwxs.exe start
    1⤵
    • Executes dropped EXE
    PID:876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\gqxxc\uwxs.exe
    Filesize

    163KB

    MD5

    07c48efec256157d37cfad4f429050f6

    SHA1

    95ee9560e06a1b7f6ca2e88c3a86987d3fcc5b1e

    SHA256

    304d2fc82e2398804364c5b2da3fe43ed9a3f5581883134f4b2ac68ec76326d3

    SHA512

    a47fc8d88e0cf03382db2e1a5d194834fa7e6add376402fbac4b5ca46bc6de06e4ff8ee1a605e209a0cc3a16d3b498bfa2fb2d2b00c8b1cd7d8a6b8d16d816ac

    Download Submit

  • C:\ProgramData\gqxxc\uwxs.exe
    Filesize

    163KB

    MD5

    07c48efec256157d37cfad4f429050f6

    SHA1

    95ee9560e06a1b7f6ca2e88c3a86987d3fcc5b1e

    SHA256

    304d2fc82e2398804364c5b2da3fe43ed9a3f5581883134f4b2ac68ec76326d3

    SHA512

    a47fc8d88e0cf03382db2e1a5d194834fa7e6add376402fbac4b5ca46bc6de06e4ff8ee1a605e209a0cc3a16d3b498bfa2fb2d2b00c8b1cd7d8a6b8d16d816ac

    Download Submit

  • memory/876-139-0x0000000000783000-0x0000000000793000-memory.dmp

    Filesize

    64KB

    Download

  • memory/876-140-0x0000000000400000-0x000000000058E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3328-132-0x0000000000718000-0x0000000000729000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3328-133-0x00000000022C0000-0x00000000022C9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/3328-134-0x0000000000400000-0x000000000058E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3328-135-0x0000000000718000-0x0000000000729000-memory.dmp

    Filesize

    68KB

    Download

  • memory/3328-136-0x00000000022C0000-0x00000000022C9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/3328-141-0x0000000000718000-0x0000000000729000-memory.dmp

    Filesize

    68KB

    Download