Analysis

  • max time kernel
    291s
  • max time network
    257s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10-20230703-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    22-07-2023 22:13

General

  • Target

    792bce2f91e0ab94042cc4e682138f55f6b710d2613fef92864462d2a0a57865.exe

  • Size

    4.7MB

  • MD5

    d5f0f054453ad42c81755b596f310fa8

  • SHA1

    058adf731d033a5dbb15d8ee7667eb84619b28de

  • SHA256

    792bce2f91e0ab94042cc4e682138f55f6b710d2613fef92864462d2a0a57865

  • SHA512

    18eba4f5ac1d9303d8a5a768cb068fdabf7717a82050d1d785252b0270e32a22d24c54365ae00368e676cd3841df120100f5f5f6479dad7b13d5f57ca341cca5

  • SSDEEP

    6144:vOaZsS4DFasluB04DdbHXrW2AmPxSB/lKfwmpjLkBGxZlTK:TZsFDFas+l3a2AYfnjxxX

Malware Config

Extracted

Family

systembc

C2

91.103.252.89:4317

91.103.252.57:4317

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

  • Adds Run key to start application (2 TTPs, 2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\792bce2f91e0ab94042cc4e682138f55f6b710d2613fef92864462d2a0a57865.exe
    "C:\Users\Admin\AppData\Local\Temp\792bce2f91e0ab94042cc4e682138f55f6b710d2613fef92864462d2a0a57865.exe"
    • Adds Run key to start application
    PID:436

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/436-120-0x00000000024D0000-0x00000000024D1000-memory.dmp

    Filesize

    4KB

  • memory/436-121-0x0000000000400000-0x00000000008B9000-memory.dmp

    Filesize

    4.7MB

  • memory/436-122-0x00000000024D0000-0x00000000024D1000-memory.dmp

    Filesize

    4KB

  • memory/436-123-0x0000000004400000-0x0000000004849000-memory.dmp

    Filesize

    4.3MB

  • memory/436-124-0x0000000000400000-0x00000000008B9000-memory.dmp

    Filesize

    4.7MB