Analysis
-
max time kernel
124s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
08-02-2023 18:27
General
-
Target
1cfd78420793c0fafebf0f4e1a09c1ff.dll
-
Size
1.2MB
-
MD5
1cfd78420793c0fafebf0f4e1a09c1ff
-
SHA1
8c6df311b3f42ffab51df0d411cefae923ef0929
-
SHA256
329501486d4922ccf3a28e8ecf0046151e7106dc31ea6df33670d0d15d10cf54
-
SHA512
1f4a85c4186a31c3e20f6e7dbffcf25fbf7f7587b782c3009013d643f1abcb27f2c79778a1587cb4b0ceff14327451d1b0a08ef2eef2ade94baa45f7a94dc182
-
SSDEEP
24576:BB++leR75eeScNFG0tUDWlmulwI49SnymKLRd:BMseR7IexXM/ulRAsURd
Score
10/10
Malware Config
Signatures
-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1cfd78420793c0fafebf0f4e1a09c1ff.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1cfd78420793c0fafebf0f4e1a09c1ff.dll,#12⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1716-54-0x0000000000000000-mapping.dmp
-
memory/1716-55-0x0000000074FA1000-0x0000000074FA3000-memory.dmpFilesize
8KB
-
memory/1716-56-0x0000000010000000-0x000000001013B000-memory.dmpFilesize
1.2MB
-
memory/1716-57-0x0000000000930000-0x0000000000A48000-memory.dmpFilesize
1.1MB
-
memory/1716-58-0x00000000001F0000-0x00000000001F4000-memory.dmpFilesize
16KB
-
memory/1716-59-0x0000000000930000-0x0000000000A48000-memory.dmpFilesize
1.1MB