Overview

overview

10

Static

static

1

1cfd784207...ff.dll

windows7-x64

10

1cfd784207...ff.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-02-2023 18:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1cfd78420793c0fafebf0f4e1a09c1ff.dll

  • Size

    1.2MB

  • MD5

    1cfd78420793c0fafebf0f4e1a09c1ff

  • SHA1

    8c6df311b3f42ffab51df0d411cefae923ef0929

  • SHA256

    329501486d4922ccf3a28e8ecf0046151e7106dc31ea6df33670d0d15d10cf54

  • SHA512

    1f4a85c4186a31c3e20f6e7dbffcf25fbf7f7587b782c3009013d643f1abcb27f2c79778a1587cb4b0ceff14327451d1b0a08ef2eef2ade94baa45f7a94dc182

  • SSDEEP

    24576:BB++leR75eeScNFG0tUDWlmulwI49SnymKLRd:BMseR7IexXM/ulRAsURd

Score
10/10
systembctrojan

Malware Config

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1cfd78420793c0fafebf0f4e1a09c1ff.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4912
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\1cfd78420793c0fafebf0f4e1a09c1ff.dll,#1
      2⤵
        PID:4804
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 580
          3⤵
          • Program crash
          PID:3728
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4804 -ip 4804
      1⤵
        PID:3900

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4804-132-0x0000000000000000-mapping.dmp
        Download
      • memory/4804-133-0x0000000010000000-0x000000001013B000-memory.dmp
        Filesize

        1.2MB

        Download
      • memory/4804-135-0x00000000012C0000-0x00000000012C4000-memory.dmp
        Filesize

        16KB

        Download
      • memory/4804-134-0x0000000002CD0000-0x0000000002DE8000-memory.dmp
        Filesize

        1.1MB

        Download
      • memory/4804-136-0x0000000002CD0000-0x0000000002DE8000-memory.dmp
        Filesize

        1.1MB

        Download