Behavioral task: behavioral1
Sample: 4048-122-0x00007FF969DB0000-0x00007FF96B0E6000-memory.dll
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 4048-122-0x00007FF969DB0000-0x00007FF96B0E6000-memory.dll
Resource: win10v2004-20230220-en
General
Target: 4048-122-0x00007FF969DB0000-0x00007FF96B0E6000-memory.dmp
Size: 19.2MB
MD5: dadacb9923722104a3075b36a9762720
SHA1: 382f868123c34db40065278f41f1cdd52f63f54b
SHA256: cab00ca92fe2a8366928a9a51776928c087604e7db9ab83667afbe6371c3637c
SHA512: bb27a3937100a9aa5edb2a86e2ac08bc3bb07282f5818dd55c057beaa1908b5b08e8dae73e4ac91b2de04f0199da05f35df126730d565bcd2020c7f5a911e0d7
SSDEEP: 393216:Qca3tuwsWwIR0u+ODGjz5THB+jnTTxLH143tmCHbJ/CCUu+nX:kTsWwIRbgdTHB6nTTpstHwCiX
Malware Config
Extracted
systembc
79.137.203.32:4289
localhost.exchange:4289
Signatures
Systembc family
Files
4048-122-0x00007FF969DB0000-0x00007FF96B0E6000-memory.dmp.dll windows x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
VvT"<;zd Size: - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
yr5aGcw\ Size: - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
9OTQ.L=k Size: - Virtual size: 595B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
2!C`9z.; Size: - Virtual size: 432B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
[rd,OMMv Size: - Virtual size: 6.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
wu0&fIa< Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
r0?ng8X0 Size: 12.3MB - Virtual size: 12.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
:0Of[v(^ Size: 512B - Virtual size: 240B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
0CO!k.J> Size: 89KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ