Overview

overview

10

Static

static

1

qZGYOyA5rG.exe

windows7-x64

10

qZGYOyA5rG.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    139s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-04-2023 00:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    qZGYOyA5rG.exe

  • Size

    130KB

  • MD5

    78f7ba13edd008ea22a8116e6a3b56ba

  • SHA1

    e2fc9ef2ec44db2e01eeec52ded29ed0b24fa10f

  • SHA256

    bdf296434f9ad3d332b00073d74a884ca78b7a6a535f1e1b63f510d9e77dc3c1

  • SHA512

    9af521e0ec23a902204f7effe3801f5b20e959e1d95c4e76d394087388953205aa5accd706ff6022c5e0ff11b6e728801f4847900864ee74ddea79cedf2c58c8

  • SSDEEP

    3072:zewcPHgx8H/yC1wR9m4wHfKIu/970vZX6K:qwcKl9m/K//mvVn

Score
10/10
systembctrojan

Malware Config

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Program crash 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookAW 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\qZGYOyA5rG.exe
    "C:\Users\Admin\AppData\Local\Temp\qZGYOyA5rG.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookAW
    PID:2176
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 952
      2⤵
      • Program crash
      PID:4020
  • C:\ProgramData\coejiij\tjpxgd.exe
    C:\ProgramData\coejiij\tjpxgd.exe start2
    1⤵
    • Executes dropped EXE
    PID:3252
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 468
      2⤵
      • Program crash
      PID:1700
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2176 -ip 2176
    1⤵
      PID:920
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3252 -ip 3252
      1⤵
        PID:3200

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ProgramData\coejiij\tjpxgd.exe
        Filesize

        130KB

        MD5

        78f7ba13edd008ea22a8116e6a3b56ba

        SHA1

        e2fc9ef2ec44db2e01eeec52ded29ed0b24fa10f

        SHA256

        bdf296434f9ad3d332b00073d74a884ca78b7a6a535f1e1b63f510d9e77dc3c1

        SHA512

        9af521e0ec23a902204f7effe3801f5b20e959e1d95c4e76d394087388953205aa5accd706ff6022c5e0ff11b6e728801f4847900864ee74ddea79cedf2c58c8

        Download Submit
      • C:\ProgramData\coejiij\tjpxgd.exe
        Filesize

        130KB

        MD5

        78f7ba13edd008ea22a8116e6a3b56ba

        SHA1

        e2fc9ef2ec44db2e01eeec52ded29ed0b24fa10f

        SHA256

        bdf296434f9ad3d332b00073d74a884ca78b7a6a535f1e1b63f510d9e77dc3c1

        SHA512

        9af521e0ec23a902204f7effe3801f5b20e959e1d95c4e76d394087388953205aa5accd706ff6022c5e0ff11b6e728801f4847900864ee74ddea79cedf2c58c8

        Download Submit
      • memory/2176-134-0x0000000000400000-0x0000000000425000-memory.dmp
        Filesize

        148KB

        Download
      • memory/3252-144-0x0000000000400000-0x0000000000425000-memory.dmp
        Filesize

        148KB

        Download