Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    297s
  • max time network
    307s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-en
  • resource tags

    arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
  • submitted
    21-07-2023 00:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    246cb24d4721596de689605487342848d056bb672224bc673c976db50632066b.exe

  • Size

    4.8MB

  • MD5

    1cc4079428f6343a56ce2b33e720820e

  • SHA1

    8170a858dbcd7700ad649113631625bec5da9949

  • SHA256

    246cb24d4721596de689605487342848d056bb672224bc673c976db50632066b

  • SHA512

    6f55e7018777296668db1f940c7defbd4781018bfa0149faf9f3dda6ef52401d36f08faf453e3b0765e6f55740cea68b4345f65d9f45c05a2698569fcb659635

  • SSDEEP

    12288:TeC3CZ/dn53l3lYZDGR2vK/BY3nLkpVpnG6kzn:i+m33l3lYZE2C/zG5

Score
10/10
systembcpersistencetrojan

Malware Config

Extracted

Family

systembc

C2

91.103.252.89:4317

91.103.252.57:4317

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\246cb24d4721596de689605487342848d056bb672224bc673c976db50632066b.exe
    "C:\Users\Admin\AppData\Local\Temp\246cb24d4721596de689605487342848d056bb672224bc673c976db50632066b.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    PID:4720
  • C:\Users\Admin\AppData\Local\Temp\qfwwlt.exe
    C:\Users\Admin\AppData\Local\Temp\qfwwlt.exe
    1⤵
    • Executes dropped EXE
    PID:1012

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\qfwwlt.exe
    Filesize

    4.8MB

    MD5

    d8e63037d7f87a26c6ea1dd7d7a458ae

    SHA1

    2e44954be9c86aac2cb4b3de59b9a37d2df132de

    SHA256

    2dea43ae1f222783b8dbe3b281826a11fadb6f67e72bf6676afab1ed7ebdcc9b

    SHA512

    a25a5b0631a6291adf1d2424b118390def8584753eb6939be99739c38b7544e1dd3b047ab0773cb05027ff46656246aa92e0a9222653422a16455a274b4de439

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\qfwwlt.exe
    Filesize

    4.8MB

    MD5

    d8e63037d7f87a26c6ea1dd7d7a458ae

    SHA1

    2e44954be9c86aac2cb4b3de59b9a37d2df132de

    SHA256

    2dea43ae1f222783b8dbe3b281826a11fadb6f67e72bf6676afab1ed7ebdcc9b

    SHA512

    a25a5b0631a6291adf1d2424b118390def8584753eb6939be99739c38b7544e1dd3b047ab0773cb05027ff46656246aa92e0a9222653422a16455a274b4de439

    Download Submit

  • memory/1012-146-0x0000000000A10000-0x0000000000A11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1012-148-0x0000000000400000-0x00000000008D6000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/1012-149-0x0000000000A10000-0x0000000000A11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1012-151-0x0000000000400000-0x00000000008D6000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/4720-117-0x0000000000900000-0x0000000000901000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4720-118-0x0000000000400000-0x00000000008D6000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/4720-119-0x0000000000900000-0x0000000000901000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4720-120-0x0000000004560000-0x00000000049A9000-memory.dmp

    Filesize

    4.3MB

    Download

  • memory/4720-121-0x0000000000400000-0x00000000008D6000-memory.dmp

    Filesize

    4.8MB

    Download