Analysis
-
max time kernel
144s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
08-02-2023 19:22
General
-
Target
1716-56-0x0000000010000000-0x000000001013B000-memory.dll
-
Size
1.2MB
-
MD5
1b7567ad481edfdd98def6b2d0b4bdf9
-
SHA1
c05f17efae43c16bf5efd3e3c5e1f3548c572e98
-
SHA256
d8eea48101d16675eab4b0263d801425405565d80057839513e00d1717c6dc7a
-
SHA512
902620925513e4d9235250756e6a2bd1de06c50f1d70760222fc858ce3547c65894b9ab6c122c9cc8b6247438e69681f80526b8f5b91c087967cf1b254cf21e3
-
SSDEEP
24576:LZA5Md+xdHP0J6wfwnriXWYXbsdmTHdUHlRRrc5Pi7OQMCeMwVrGOUfp7O:L3SdY6OwriXWQsdmbdelRdkai4eMw5Gk
Score
10/10
Malware Config
Signatures
-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1716-56-0x0000000010000000-0x000000001013B000-memory.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\1716-56-0x0000000010000000-0x000000001013B000-memory.dll,#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 5603⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1904 -ip 19041⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1904-132-0x0000000000000000-mapping.dmp
-
memory/1904-133-0x0000000010000000-0x000000001013B000-memory.dmpFilesize
1.2MB