Overview

overview

10

Static

static

bff34ec881...08.exe

windows7-x64

10

bff34ec881...08.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    112s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-01-2023 14:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bff34ec881bbe9726f025fcf4585150e98178bd2ecdbc7fc29939dbf554ab708.exe

  • Size

    1.7MB

  • MD5

    d49997877451b110adc8e09d9c04c2b6

  • SHA1

    602504addbd4df06c2ae5467a037edbf4fc41c16

  • SHA256

    bff34ec881bbe9726f025fcf4585150e98178bd2ecdbc7fc29939dbf554ab708

  • SHA512

    7e4e0acecf1b00234fb08c1441b6917cc3c65d4f9b27f369812ff0a719aee4dbae995d00b36ab7eaf97e09f8be27b54c0ec5a80043c3dd4b2340824d5c850664

  • SSDEEP

    49152:Zk7edbYPPeMgp1wQ4H4/Kof7Of6Dmq9zbrQn:Z/dMPPEYQlNqfVUQn

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

89.22.225.242:4193

195.2.93.22:4193

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bff34ec881bbe9726f025fcf4585150e98178bd2ecdbc7fc29939dbf554ab708.exe
    "C:\Users\Admin\AppData\Local\Temp\bff34ec881bbe9726f025fcf4585150e98178bd2ecdbc7fc29939dbf554ab708.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:3444
  • C:\Users\Admin\AppData\Local\Temp\bff34ec881bbe9726f025fcf4585150e98178bd2ecdbc7fc29939dbf554ab708.exe
    C:\Users\Admin\AppData\Local\Temp\bff34ec881bbe9726f025fcf4585150e98178bd2ecdbc7fc29939dbf554ab708.exe start
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:4400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3444-143-0x0000000010110000-0x0000000010190000-memory.dmp
    Filesize

    512KB

    Download
  • memory/3444-133-0x0000000002C50000-0x0000000002DBD000-memory.dmp
    Filesize

    1.4MB

    Download
  • memory/3444-134-0x00000000023A2000-0x0000000002C49000-memory.dmp
    Filesize

    8.7MB

    Download
  • memory/3444-135-0x0000000002C50000-0x0000000002DBD000-memory.dmp
    Filesize

    1.4MB

    Download
  • memory/3444-136-0x0000000010110000-0x0000000010190000-memory.dmp
    Filesize

    512KB

    Download
  • memory/3444-137-0x0000000010110000-0x0000000010190000-memory.dmp
    Filesize

    512KB

    Download
  • memory/3444-138-0x000000000FFA0000-0x000000000FFA7000-memory.dmp
    Filesize

    28KB

    Download
  • memory/3444-152-0x0000000002C50000-0x0000000002DBD000-memory.dmp
    Filesize

    1.4MB

    Download
  • memory/3444-132-0x00000000023A2000-0x0000000002C49000-memory.dmp
    Filesize

    8.7MB

    Download
  • memory/4400-142-0x000000000190E000-0x0000000001A7B000-memory.dmp
    Filesize

    1.4MB

    Download
  • memory/4400-144-0x000000000104C000-0x00000000018F3000-memory.dmp
    Filesize

    8.7MB

    Download
  • memory/4400-145-0x000000000190E000-0x0000000001A7B000-memory.dmp
    Filesize

    1.4MB

    Download
  • memory/4400-146-0x0000000001880000-0x0000000001900000-memory.dmp
    Filesize

    512KB

    Download
  • memory/4400-147-0x0000000001880000-0x0000000001900000-memory.dmp
    Filesize

    512KB

    Download
  • memory/4400-148-0x0000000000FF0000-0x0000000000FF7000-memory.dmp
    Filesize

    28KB

    Download
  • memory/4400-151-0x0000000001880000-0x0000000001900000-memory.dmp
    Filesize

    512KB

    Download
  • memory/4400-141-0x000000000104C000-0x00000000018F3000-memory.dmp
    Filesize

    8.7MB

    Download