Overview

overview

10

Static

static

bddb4b9fbd...ef.exe

windows7-x64

10

bddb4b9fbd...ef.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    91s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-12-2022 09:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bddb4b9fbd34721a02da973e2faa29ef.exe

  • Size

    185KB

  • MD5

    bddb4b9fbd34721a02da973e2faa29ef

  • SHA1

    2d30e28283d2e778b67bcf6599b487ae2057dd62

  • SHA256

    123605f3e22a46522073d25da4f58b5fbfc8cef2417dd0a95d00d85db096ee38

  • SHA512

    71918beccb1ba405b11e045e78e1f6d47d8f76fe870b8d88a2584bd95a00d4ba86c44b5ca0097ad19b0ee8cb31fc3137f6cc4352f778fb64ee8dc04247a674f7

  • SSDEEP

    3072:RFEnYMaQ8SdE5c506+Tdp6nJMHTMW0c2vfzW3dEDAbEaRZeWGC3:e8sEyis8TMFS3dZEaRwWt

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

146.70.86.61:443

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bddb4b9fbd34721a02da973e2faa29ef.exe
    "C:\Users\Admin\AppData\Local\Temp\bddb4b9fbd34721a02da973e2faa29ef.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:4276
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 976
      2⤵
      • Program crash
      PID:940
  • C:\ProgramData\ltscof\bqaspe.exe
    C:\ProgramData\ltscof\bqaspe.exe start
    1⤵
    • Executes dropped EXE
    PID:4688
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4276 -ip 4276
    1⤵
      PID:992

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\ltscof\bqaspe.exe
      Filesize

      185KB

      MD5

      bddb4b9fbd34721a02da973e2faa29ef

      SHA1

      2d30e28283d2e778b67bcf6599b487ae2057dd62

      SHA256

      123605f3e22a46522073d25da4f58b5fbfc8cef2417dd0a95d00d85db096ee38

      SHA512

      71918beccb1ba405b11e045e78e1f6d47d8f76fe870b8d88a2584bd95a00d4ba86c44b5ca0097ad19b0ee8cb31fc3137f6cc4352f778fb64ee8dc04247a674f7

      Download Submit
    • C:\ProgramData\ltscof\bqaspe.exe
      Filesize

      185KB

      MD5

      bddb4b9fbd34721a02da973e2faa29ef

      SHA1

      2d30e28283d2e778b67bcf6599b487ae2057dd62

      SHA256

      123605f3e22a46522073d25da4f58b5fbfc8cef2417dd0a95d00d85db096ee38

      SHA512

      71918beccb1ba405b11e045e78e1f6d47d8f76fe870b8d88a2584bd95a00d4ba86c44b5ca0097ad19b0ee8cb31fc3137f6cc4352f778fb64ee8dc04247a674f7

      Download Submit
    • memory/4276-132-0x00000000005D8000-0x00000000005E8000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4276-133-0x0000000002060000-0x0000000002069000-memory.dmp
      Filesize

      36KB

      Download
    • memory/4276-134-0x0000000000400000-0x0000000000464000-memory.dmp
      Filesize

      400KB

      Download
    • memory/4688-137-0x0000000000703000-0x0000000000713000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4688-138-0x0000000000400000-0x0000000000464000-memory.dmp
      Filesize

      400KB

      Download