systembc | 2c3fade9317146109c3dad7e9e06168a2af28d04185c248a3322cd8b8ae8901f

Analysis

max time kernel
292s
max time network
296s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
17-12-2022 15:29

Target

2288.exe
Size

303KB
MD5

a91d1ad4f99dc142a63342a79a04a61c
SHA1

9328310f5567fc7247516d21f339fb99b67706be
SHA256

2c3fade9317146109c3dad7e9e06168a2af28d04185c248a3322cd8b8ae8901f
SHA512

f869c9568afb90bec12732ce55552e66fe1dc2f9a52212a8011e2509805bfc59574ecbe4f52144ed8bde0b240849816cdb261ccefcb9d00f1ba65f0daa9cc39a
SSDEEP

3072:S7WJjr2Y4hMi7RVRypzplBot6LB1fhnYAfm8QBmP22tThsNbNweGj+Qo6hNz5/a:++js57SFlnLDfhYAfLP22tThsIeGjY6

Score

10^/10

systembc trojan

Family

systembc

89.248.163.218:443

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc
Executes dropped EXE 1 IoCs

Processes:

tupqk.exe

pid process

3908 tupqk.exe
Drops file in Windows directory 2 IoCs

Processes:

2288.exe

description ioc process

File created C:\Windows\Tasks\tupqk.job 2288.exe
File opened for modification C:\Windows\Tasks\tupqk.job 2288.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3708 4716 WerFault.exe 2288.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

2288.exe

pid process

4716 2288.exe
4716 2288.exe

pid	process
3908	tupqk.exe

description	ioc	process
File created	C:\Windows\Tasks\tupqk.job	2288.exe
File opened for modification	C:\Windows\Tasks\tupqk.job	2288.exe

pid	pid_target	process	target process
3708	4716	WerFault.exe	2288.exe

pid	process
4716	2288.exe
4716	2288.exe

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 980
2⤵
- Program crash
PID:3708

C:\ProgramData\ikablkr\tupqk.exe
C:\ProgramData\ikablkr\tupqk.exe start
1⤵
- Executes dropped EXE
PID:3908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4716 -ip 4716
1⤵
PID:4252

C:\ProgramData\ikablkr\tupqk.exe

Filesize
303KB

MD5
a91d1ad4f99dc142a63342a79a04a61c

SHA1
9328310f5567fc7247516d21f339fb99b67706be

SHA256
2c3fade9317146109c3dad7e9e06168a2af28d04185c248a3322cd8b8ae8901f

SHA512
f869c9568afb90bec12732ce55552e66fe1dc2f9a52212a8011e2509805bfc59574ecbe4f52144ed8bde0b240849816cdb261ccefcb9d00f1ba65f0daa9cc39a

Download Submit
C:\ProgramData\ikablkr\tupqk.exe

Filesize
303KB

MD5
a91d1ad4f99dc142a63342a79a04a61c

SHA1
9328310f5567fc7247516d21f339fb99b67706be

SHA256
2c3fade9317146109c3dad7e9e06168a2af28d04185c248a3322cd8b8ae8901f

SHA512
f869c9568afb90bec12732ce55552e66fe1dc2f9a52212a8011e2509805bfc59574ecbe4f52144ed8bde0b240849816cdb261ccefcb9d00f1ba65f0daa9cc39a

Download Submit
memory/3908-137-0x0000000000487000-0x000000000049C000-memory.dmp

Filesize
84KB

Download
memory/3908-138-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/3908-139-0x0000000000487000-0x000000000049C000-memory.dmp

Filesize
84KB

Download
memory/4716-132-0x000000000062C000-0x0000000000641000-memory.dmp

Filesize
84KB

Download
memory/4716-133-0x00000000005B0000-0x00000000005B9000-memory.dmp

Filesize
36KB

Download
memory/4716-134-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/4716-140-0x000000000062C000-0x0000000000641000-memory.dmp

Filesize
84KB

Download
memory/4716-141-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download