systembc | 5bd7522d5fc9974eec5366697ee99480abb6910302d0250838022d6758024fa8

Analysis

max time kernel
30s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
11-04-2023 09:15

Target

37887c9dce52b5f8926515cd07e14319.dll
Size

1.5MB
MD5

37887c9dce52b5f8926515cd07e14319
SHA1

4d2e946233a43d028cde5b9f4a5dd032eb44b2c7
SHA256

5bd7522d5fc9974eec5366697ee99480abb6910302d0250838022d6758024fa8
SHA512

67e066d701b35ec1f60b5b4175f0fddb84ebf28ed243d1a4b83b5d50e861ae5876b6f451e5d3bc890dde36c4c267df2836dc6f3788ffcfc260c14f72392fb188
SSDEEP

24576:f73hUyP/uQ00lVmJLWr6pOvcZwMgr3GRsFmAFjbc9IiLR7s9XP65HvefXN2wD:VUyWSZ6kUZeGRCjYI2R7If6e1

Score

10^/10

systembc trojan

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1368 wrote to memory of 1580	1368	rundll32.exe	rundll32.exe
PID 1368 wrote to memory of 1580	1368	rundll32.exe	rundll32.exe
PID 1368 wrote to memory of 1580	1368	rundll32.exe	rundll32.exe
PID 1368 wrote to memory of 1580	1368	rundll32.exe	rundll32.exe
PID 1368 wrote to memory of 1580	1368	rundll32.exe	rundll32.exe
PID 1368 wrote to memory of 1580	1368	rundll32.exe	rundll32.exe
PID 1368 wrote to memory of 1580	1368	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\37887c9dce52b5f8926515cd07e14319.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1368

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\37887c9dce52b5f8926515cd07e14319.dll,#1
2⤵
PID:1580

memory/1580-54-0x0000000010000000-0x0000000010179000-memory.dmp

Filesize
1.5MB

Download
memory/1580-55-0x0000000010000000-0x0000000010179000-memory.dmp

Filesize
1.5MB

Download
memory/1580-56-0x00000000008C0000-0x00000000009D3000-memory.dmp

Filesize
1.1MB

Download
memory/1580-57-0x00000000001B0000-0x00000000001B4000-memory.dmp

Filesize
16KB

Download
memory/1580-58-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/1580-60-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1580-59-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1580-61-0x00000000001D0000-0x00000000001D5000-memory.dmp

Filesize
20KB

Download
memory/1580-62-0x0000000000210000-0x0000000000212000-memory.dmp

Filesize
8KB

Download