systembc | 6614825f130ac2aa068a6693e59592bbe9b16dfae0642c7fb61ffed9ee509382

Analysis

max time kernel
147s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-01-2023 16:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6614825f130ac2aa068a6693e59592bbe9b16dfae0642c7fb61ffed9ee509382.exe
Size

336KB
MD5

55ec8d87ea82b509064ed7f1cf4123d2
SHA1

915988dada7cdff3ae640e9a95900e506af45384
SHA256

6614825f130ac2aa068a6693e59592bbe9b16dfae0642c7fb61ffed9ee509382
SHA512

ab57a206a465ecba1004ec4088ecf91f6a790052b3d729fa80d96716de1ee5c3458148e63cf7b989b6b5ef5492e9df23f21514dfc8997aac86a596e6a87150c1
SSDEEP

6144:P5gQhByOZWJjbr4Khyryyz+Tn5nAOlAOy8ZeqpSsfk9I:P5gtOZWJHrNhLT5nMLbb0k9I

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

advertserv7.world:4044

statexadvert.club:4044

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc
Executes dropped EXE 2 IoCs

Processes:

qhwhhls.exeqhwhhls.exe

pid process

1684 qhwhhls.exe
4996 qhwhhls.exe

pid	process
1684	qhwhhls.exe
4996	qhwhhls.exe

Drops file in Windows directory 2 IoCs

Processes:

6614825f130ac2aa068a6693e59592bbe9b16dfae0642c7fb61ffed9ee509382.exe

description	ioc	process
File created	C:\Windows\Tasks\qhwhhls.job	6614825f130ac2aa068a6693e59592bbe9b16dfae0642c7fb61ffed9ee509382.exe
File opened for modification	C:\Windows\Tasks\qhwhhls.job	6614825f130ac2aa068a6693e59592bbe9b16dfae0642c7fb61ffed9ee509382.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

6614825f130ac2aa068a6693e59592bbe9b16dfae0642c7fb61ffed9ee509382.exe

pid	process
1236	6614825f130ac2aa068a6693e59592bbe9b16dfae0642c7fb61ffed9ee509382.exe
1236	6614825f130ac2aa068a6693e59592bbe9b16dfae0642c7fb61ffed9ee509382.exe

C:\Users\Admin\AppData\Local\Temp\6614825f130ac2aa068a6693e59592bbe9b16dfae0642c7fb61ffed9ee509382.exe
"C:\Users\Admin\AppData\Local\Temp\6614825f130ac2aa068a6693e59592bbe9b16dfae0642c7fb61ffed9ee509382.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:1236

C:\ProgramData\fnjni\qhwhhls.exe
C:\ProgramData\fnjni\qhwhhls.exe start2
1⤵
- Executes dropped EXE
PID:1684

C:\ProgramData\fnjni\qhwhhls.exe
C:\ProgramData\fnjni\qhwhhls.exe start2
1⤵
- Executes dropped EXE
PID:4996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\fnjni\qhwhhls.exe
Filesize
336KB

MD5
55ec8d87ea82b509064ed7f1cf4123d2

SHA1
915988dada7cdff3ae640e9a95900e506af45384

SHA256
6614825f130ac2aa068a6693e59592bbe9b16dfae0642c7fb61ffed9ee509382

SHA512
ab57a206a465ecba1004ec4088ecf91f6a790052b3d729fa80d96716de1ee5c3458148e63cf7b989b6b5ef5492e9df23f21514dfc8997aac86a596e6a87150c1

Download Submit
C:\ProgramData\fnjni\qhwhhls.exe
Filesize
336KB

MD5
55ec8d87ea82b509064ed7f1cf4123d2

SHA1
915988dada7cdff3ae640e9a95900e506af45384

SHA256
6614825f130ac2aa068a6693e59592bbe9b16dfae0642c7fb61ffed9ee509382

SHA512
ab57a206a465ecba1004ec4088ecf91f6a790052b3d729fa80d96716de1ee5c3458148e63cf7b989b6b5ef5492e9df23f21514dfc8997aac86a596e6a87150c1

Download Submit
C:\ProgramData\fnjni\qhwhhls.exe
Filesize
336KB

MD5
55ec8d87ea82b509064ed7f1cf4123d2

SHA1
915988dada7cdff3ae640e9a95900e506af45384

SHA256
6614825f130ac2aa068a6693e59592bbe9b16dfae0642c7fb61ffed9ee509382

SHA512
ab57a206a465ecba1004ec4088ecf91f6a790052b3d729fa80d96716de1ee5c3458148e63cf7b989b6b5ef5492e9df23f21514dfc8997aac86a596e6a87150c1

Download Submit
memory/1236-144-0x0000000000400000-0x0000000002858000-memory.dmp

Filesize
36.3MB

Download
memory/1236-136-0x0000000000400000-0x0000000002858000-memory.dmp

Filesize
36.3MB

Download
memory/1236-135-0x0000000004590000-0x0000000004595000-memory.dmp

Filesize
20KB

Download
memory/1236-134-0x00000000028C8000-0x00000000028D0000-memory.dmp

Filesize
32KB

Download
memory/1236-139-0x0000000004590000-0x0000000004595000-memory.dmp

Filesize
20KB

Download
memory/1236-133-0x00000000028C8000-0x00000000028D0000-memory.dmp

Filesize
32KB

Download
memory/1236-132-0x0000000000400000-0x0000000002858000-memory.dmp

Filesize
36.3MB

Download
memory/1684-142-0x0000000002997000-0x000000000299F000-memory.dmp

Filesize
32KB

Download
memory/1684-143-0x0000000000400000-0x0000000002858000-memory.dmp

Filesize
36.3MB

Download
memory/1684-141-0x0000000002997000-0x000000000299F000-memory.dmp

Filesize
32KB

Download
memory/1684-145-0x0000000000400000-0x0000000002858000-memory.dmp

Filesize
36.3MB

Download
memory/1684-140-0x0000000000400000-0x0000000002858000-memory.dmp

Filesize
36.3MB

Download
memory/4996-147-0x0000000000400000-0x0000000002858000-memory.dmp

Filesize
36.3MB

Download
memory/4996-148-0x0000000002AFB000-0x0000000002B03000-memory.dmp

Filesize
32KB

Download
memory/4996-149-0x0000000002AFB000-0x0000000002B03000-memory.dmp

Filesize
32KB

Download
memory/4996-150-0x0000000000400000-0x0000000002858000-memory.dmp

Filesize
36.3MB

Download