systembc | fa8e172b009885380bc12629b0047a0e271da693b0cfb4679130cef7488fcdff

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2023 15:40

Target

CryptOne_Exec_3ebb3119fdb24e76b292d4923b31539a6bf0d13e6afd7c6fda28d062274ec8dc.exe
Size

426KB
MD5

fffab099edb70d514b4f7e71814a4b6b
SHA1

f883e7aed96e924295f133307cb9e75f6370b96c
SHA256

fa8e172b009885380bc12629b0047a0e271da693b0cfb4679130cef7488fcdff
SHA512

ecdbf9973ae32953a6b4b64a6d845f35e771ad03f69c387f3039c083bc4d35cb34c59f0f38f96e22c6333c30973f0c0711b837ba9a2a2eab3433a2e39b7baff2
SSDEEP

12288:Rn1Yckqq4kiIR4XInytR1Rhu0clrPrXEq8j:R1nS4f/X4aR1R3cDrXEq

Score

10^/10

systembc trojan

Family

systembc

178.79.174.207:443

146.70.53.169:443

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

Drops file in Windows directory 2 IoCs

Processes:

CryptOne_Exec_3ebb3119fdb24e76b292d4923b31539a6bf0d13e6afd7c6fda28d062274ec8dc.exe

description	ioc	process
File created	C:\Windows\Tasks\wow64.job	CryptOne_Exec_3ebb3119fdb24e76b292d4923b31539a6bf0d13e6afd7c6fda28d062274ec8dc.exe
File opened for modification	C:\Windows\Tasks\wow64.job	CryptOne_Exec_3ebb3119fdb24e76b292d4923b31539a6bf0d13e6afd7c6fda28d062274ec8dc.exe

C:\Users\Admin\AppData\Local\Temp\CryptOne_Exec_3ebb3119fdb24e76b292d4923b31539a6bf0d13e6afd7c6fda28d062274ec8dc.exe
"C:\Users\Admin\AppData\Local\Temp\CryptOne_Exec_3ebb3119fdb24e76b292d4923b31539a6bf0d13e6afd7c6fda28d062274ec8dc.exe"
1⤵
- Drops file in Windows directory
PID:388

C:\Users\Admin\AppData\Local\Temp\CryptOne_Exec_3ebb3119fdb24e76b292d4923b31539a6bf0d13e6afd7c6fda28d062274ec8dc.exe
C:\Users\Admin\AppData\Local\Temp\CryptOne_Exec_3ebb3119fdb24e76b292d4923b31539a6bf0d13e6afd7c6fda28d062274ec8dc.exe start
1⤵
PID:3500

memory/388-133-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download
memory/388-136-0x0000000002360000-0x0000000002366000-memory.dmp

Filesize
24KB

Download
memory/388-137-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/388-138-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download
memory/3500-145-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/3500-146-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/3500-147-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download