systembc | b2b82c1977c17aec7ba0074f56c0d61100e616a0ce72dab748ec4269db6c0793

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
08-08-2023 10:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

62813c6cab9234e83949fcc563c33b57.dll
Size

6.0MB
MD5

62813c6cab9234e83949fcc563c33b57
SHA1

474c9abc14fea035d0e80128dbd7260f0cbc42b2
SHA256

b2b82c1977c17aec7ba0074f56c0d61100e616a0ce72dab748ec4269db6c0793
SHA512

a29cdda3218566509cfc3d07b50bfe9ece45fd6a57cb12b649b283204191326e30746bc9d33c63b2e8281b65fd1f19cc79092b81e8cd67d593010c3574986542
SSDEEP

98304:Yk/CgBuUFSDyJ6FqBh2Rvtu9+GdULsSuPbm5u1et8yDD27AadUEpnoj:DBumcyJ6O3LdCgPbSket8yDDTsGj

Score

10^/10

systembc trojan vmprotect

Malware Config

Extracted

Family

systembc

5.42.65.67:4298

localhost.exchange:4298

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc
Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

2 2148 rundll32.exe

flow	pid	process
2	2148	rundll32.exe

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
behavioral1/memory/2148-55-0x000007FEF54E0000-0x000007FEF5F64000-memory.dmp	vmprotect
behavioral1/memory/2148-90-0x000007FEF54E0000-0x000007FEF5F64000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

rundll32.exe

pid process

2148 rundll32.exe
2148 rundll32.exe

pid	process
2148	rundll32.exe
2148	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\62813c6cab9234e83949fcc563c33b57.dll,#1
1⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:2148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2148-55-0x000007FEF54E0000-0x000007FEF5F64000-memory.dmp

Filesize
10.5MB

Download
memory/2148-54-0x0000000077E20000-0x0000000077E22000-memory.dmp

Filesize
8KB

Download
memory/2148-57-0x0000000077E20000-0x0000000077E22000-memory.dmp

Filesize
8KB

Download
memory/2148-59-0x0000000077E20000-0x0000000077E22000-memory.dmp

Filesize
8KB

Download
memory/2148-60-0x0000000077E30000-0x0000000077E32000-memory.dmp

Filesize
8KB

Download
memory/2148-62-0x0000000077E30000-0x0000000077E32000-memory.dmp

Filesize
8KB

Download
memory/2148-64-0x0000000077E30000-0x0000000077E32000-memory.dmp

Filesize
8KB

Download
memory/2148-65-0x0000000077E40000-0x0000000077E42000-memory.dmp

Filesize
8KB

Download
memory/2148-67-0x0000000077E40000-0x0000000077E42000-memory.dmp

Filesize
8KB

Download
memory/2148-69-0x0000000077E40000-0x0000000077E42000-memory.dmp

Filesize
8KB

Download
memory/2148-70-0x0000000077E50000-0x0000000077E52000-memory.dmp

Filesize
8KB

Download
memory/2148-72-0x0000000077E50000-0x0000000077E52000-memory.dmp

Filesize
8KB

Download
memory/2148-74-0x0000000077E50000-0x0000000077E52000-memory.dmp

Filesize
8KB

Download
memory/2148-77-0x000007FEFDB50000-0x000007FEFDB52000-memory.dmp

Filesize
8KB

Download
memory/2148-79-0x000007FEFDB50000-0x000007FEFDB52000-memory.dmp

Filesize
8KB

Download
memory/2148-82-0x000007FEFDB60000-0x000007FEFDB62000-memory.dmp

Filesize
8KB

Download
memory/2148-84-0x000007FEFDB60000-0x000007FEFDB62000-memory.dmp

Filesize
8KB

Download
memory/2148-85-0x0000000077E60000-0x0000000077E62000-memory.dmp

Filesize
8KB

Download
memory/2148-87-0x0000000077E60000-0x0000000077E62000-memory.dmp

Filesize
8KB

Download
memory/2148-89-0x0000000077E60000-0x0000000077E62000-memory.dmp

Filesize
8KB

Download
memory/2148-90-0x000007FEF54E0000-0x000007FEF5F64000-memory.dmp

Filesize
10.5MB

Download
memory/2148-91-0x0000000077C70000-0x0000000077E19000-memory.dmp

Filesize
1.7MB

Download
memory/2148-92-0x0000000077C70000-0x0000000077E19000-memory.dmp

Filesize
1.7MB

Download