systembc | 524-172-0x000007FEF2BF0000-0x000007FEF4761000-memory[.]dmp | Triage

Sharing

General

Target

524-172-0x000007FEF2BF0000-0x000007FEF4761000-memory.dmp
Size

27.4MB
MD5

129492439ff843f65a786caf61270c09
SHA1

8d2241b35ea08946215d490855fc6aaa2ddacd97
SHA256

91c88ad7739815e9049369a7aab84fed146c7fda141c4fa86a4a0df8694eddaf
SHA512

3f073ce9866ab94224c13a13fbcfe51831a2a3b9965c3f66ad1640c4d25f8228418bab52abb3e14367d4bdeaf0a61c4a9eed7d60f9ef469c3bff7da40516a9d8
SSDEEP

393216:YfKyUmjmVAY80FGjsa3n09QC0sic4whL4BPv3l+GvPpe55NU6g:zy7ma9Qa309DNiccn39npm5C

Score

10^/10

systembc

Malware Config

Extracted

Family

systembc

C2

78.46.206.251:4294

5.75.208.145:4294

Signatures

Systembc family
systembc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
524-172-0x000007FEF2BF0000-0x000007FEF4761000-memory.dmp

Files

524-172-0x000007FEF2BF0000-0x000007FEF4761000-memory.dmp
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 595B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.~+'
Size: - Virtual size: 10.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.T!U
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zXX
Size: 17.0MB - Virtual size: 17.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ