Malware Analysis Report

2025-04-03 09:42

Sample ID 230404-3dwa5saf59
Target 9871110383.zip
SHA256 3c30eee540fd9371e5010a322a99e8a169b4a997145dfda5ded0a76f444268f4
Tags
systembc
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3c30eee540fd9371e5010a322a99e8a169b4a997145dfda5ded0a76f444268f4

Threat Level: Known bad

The file 9871110383.zip was found to be: Known bad.

Malicious Activity Summary

systembc

Systembc family

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-04-04 23:24

Signatures

Systembc family

systembc

Analysis: behavioral1

Detonation Overview

Submitted

2023-04-04 23:24

Reported

2023-04-04 23:26

Platform

win7-20230220-en

Max time kernel

30s

Max time network

33s

Command Line

"C:\Users\Admin\AppData\Local\Temp\13047f8cb7277ad8c1daa6f32cf4ae8029fb6ae9f839ed92d4cae12285ed366b.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\13047f8cb7277ad8c1daa6f32cf4ae8029fb6ae9f839ed92d4cae12285ed366b.exe

"C:\Users\Admin\AppData\Local\Temp\13047f8cb7277ad8c1daa6f32cf4ae8029fb6ae9f839ed92d4cae12285ed366b.exe"

Network

Country Destination Domain Proto
LT 93.115.28.138:443 tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-04-04 23:24

Reported

2023-04-04 23:25

Platform

win10v2004-20230220-en

Max time kernel

87s

Max time network

90s

Command Line

"C:\Users\Admin\AppData\Local\Temp\13047f8cb7277ad8c1daa6f32cf4ae8029fb6ae9f839ed92d4cae12285ed366b.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\13047f8cb7277ad8c1daa6f32cf4ae8029fb6ae9f839ed92d4cae12285ed366b.exe

"C:\Users\Admin\AppData\Local\Temp\13047f8cb7277ad8c1daa6f32cf4ae8029fb6ae9f839ed92d4cae12285ed366b.exe"

Network

Country Destination Domain Proto
US 93.184.221.240:80 tcp
US 8.8.8.8:53 176.122.125.40.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 76.38.195.152.in-addr.arpa udp
US 8.8.8.8:53 84.150.43.20.in-addr.arpa udp
LT 93.115.28.138:443 tcp
US 8.8.8.8:53 assets.msn.com udp
GB 95.101.143.105:443 assets.msn.com tcp
US 8.8.8.8:53 105.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 167.129.198.20.in-addr.arpa udp
US 8.8.8.8:53 177.17.30.184.in-addr.arpa udp
US 8.8.8.8:53 99.113.223.173.in-addr.arpa udp
US 8.8.8.8:53 113.66.64.40.in-addr.arpa udp
US 8.8.8.8:53 250.255.255.239.in-addr.arpa udp
US 8.8.8.8:53 8.175.53.84.in-addr.arpa udp
US 8.8.8.8:53 5.233.140.95.in-addr.arpa udp
US 8.8.8.8:53 240.232.18.117.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 126.152.241.8.in-addr.arpa udp
US 8.8.8.8:53 73.254.224.20.in-addr.arpa udp
US 8.8.8.8:53 50.4.107.13.in-addr.arpa udp
US 8.8.8.8:53 240.232.229.192.in-addr.arpa udp
US 8.8.8.8:53 42.134.221.88.in-addr.arpa udp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp

Files

N/A