Malware Analysis Report

2024-11-30 23:26

Sample ID: 230809-s4cllsce38
Target: a2c10b5d95151fefb06479bdf202bbce96a8f0a2db6398b6d4a34d6d2a1784dcexe_JC.exe
SHA256: a2c10b5d95151fefb06479bdf202bbce96a8f0a2db6398b6d4a34d6d2a1784dc
Tags: systembc trojan
Score: 10/10


Analysis Overview

Score: 10/10

SHA256: a2c10b5d95151fefb06479bdf202bbce96a8f0a2db6398b6d4a34d6d2a1784dc

Threat Level: Known bad

The file a2c10b5d95151fefb06479bdf202bbce96a8f0a2db6398b6d4a34d6d2a1784dcexe_JC.exe was found to be: Known bad.

Malicious Activity Summary

systembc trojan

SystemBC

Blocklisted process makes network request

Unsigned PE

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2023-08-09 15:40

Signatures

Unsigned PE

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2023-08-09 15:40
Reported: 2023-08-09 15:43
Platform: win7-20230712-en
Max time kernel: 122s
Max time network: 127s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\a2c10b5d95151fefb06479bdf202bbce96a8f0a2db6398b6d4a34d6d2a1784dcexe_JC.dll,#1

Signatures

SystemBC

trojan systembc

Blocklisted process makes network request

Description  Indicator  Process                           Target
N/A          N/A        C:\Windows\system32\rundll32.exe  N/A

Suspicious behavior: EnumeratesProcesses

Description  Indicator  Process                           Target
N/A          N/A        C:\Windows\system32\rundll32.exe  N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\a2c10b5d95151fefb06479bdf202bbce96a8f0a2db6398b6d4a34d6d2a1784dcexe_JC.dll,#1

Network

Country  Destination      Domain  Proto
RU       5.42.65.67:4298  -       tcp

Files

Memory regions dumped from the rundll32.exe process (PID 2352) during this run; entries follow the sandbox's memory/<pid>-<dump index>-<start>-<end>-memory.dmp naming, so the same region can appear more than once (the 0x000007FEF5470000-0x000007FEF5EA9000 region is dumped at index 54 and again at index 90).

memory/2352-54-0x000007FEF5470000-0x000007FEF5EA9000-memory.dmp
memory/2352-53-0x0000000077D10000-0x0000000077D12000-memory.dmp
memory/2352-56-0x0000000077D10000-0x0000000077D12000-memory.dmp
memory/2352-59-0x0000000077B60000-0x0000000077D09000-memory.dmp
memory/2352-58-0x0000000077D10000-0x0000000077D12000-memory.dmp
memory/2352-60-0x0000000077D20000-0x0000000077D22000-memory.dmp
memory/2352-64-0x0000000077D20000-0x0000000077D22000-memory.dmp
memory/2352-62-0x0000000077D20000-0x0000000077D22000-memory.dmp
memory/2352-65-0x0000000077D30000-0x0000000077D32000-memory.dmp
memory/2352-67-0x0000000077D30000-0x0000000077D32000-memory.dmp
memory/2352-69-0x0000000077D30000-0x0000000077D32000-memory.dmp
memory/2352-70-0x0000000077D40000-0x0000000077D42000-memory.dmp
memory/2352-74-0x0000000077D40000-0x0000000077D42000-memory.dmp
memory/2352-72-0x0000000077D40000-0x0000000077D42000-memory.dmp
memory/2352-75-0x0000000077D50000-0x0000000077D52000-memory.dmp
memory/2352-79-0x0000000077D50000-0x0000000077D52000-memory.dmp
memory/2352-77-0x0000000077D50000-0x0000000077D52000-memory.dmp
memory/2352-82-0x000007FEFDA30000-0x000007FEFDA32000-memory.dmp
memory/2352-84-0x000007FEFDA30000-0x000007FEFDA32000-memory.dmp
memory/2352-89-0x000007FEFDA40000-0x000007FEFDA42000-memory.dmp
memory/2352-87-0x000007FEFDA40000-0x000007FEFDA42000-memory.dmp
memory/2352-90-0x000007FEF5470000-0x000007FEF5EA9000-memory.dmp
memory/2352-91-0x0000000077B60000-0x0000000077D09000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2023-08-09 15:40
Reported: 2023-08-09 15:42
Platform: win10v2004-20230703-en
Max time kernel: 127s
Max time network: 137s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\a2c10b5d95151fefb06479bdf202bbce96a8f0a2db6398b6d4a34d6d2a1784dcexe_JC.dll,#1

Signatures

SystemBC

trojan systembc

Blocklisted process makes network request

Description  Indicator  Process                           Target
N/A          N/A        C:\Windows\system32\rundll32.exe  N/A

Suspicious behavior: EnumeratesProcesses

Description  Indicator  Process                           Target
N/A          N/A        C:\Windows\system32\rundll32.exe  N/A
N/A          N/A        C:\Windows\system32\rundll32.exe  N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\a2c10b5d95151fefb06479bdf202bbce96a8f0a2db6398b6d4a34d6d2a1784dcexe_JC.dll,#1

Network

Country  Destination      Domain                        Proto
US       8.8.8.8:53       158.240.127.40.in-addr.arpa   udp
US       8.8.8.8:53       136.32.126.40.in-addr.arpa    udp
US       8.8.8.8:53       95.221.229.192.in-addr.arpa   udp
RU       5.42.65.67:4298  -                             tcp
US       8.8.8.8:53       171.39.242.20.in-addr.arpa    udp
US       8.8.8.8:53       203.151.224.20.in-addr.arpa   udp
US       8.8.8.8:53       170.117.168.52.in-addr.arpa   udp
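Two things in both behavioral runs deserve a closer look than the raw tables give them. First, the command line shows the submitted file (named .exe) being loaded as a DLL through rundll32.exe with the export selected by ordinal (",#1") rather than by name, from the user's AppData\Local\Temp directory; that combination is worth matching on in process-creation telemetry. Second, only one network row is a direct connection by the sample: the TCP session to 5.42.65.67:4298. The in-addr.arpa rows are PTR queries sent to 8.8.8.8, i.e. the guest reverse-resolving addresses such as 40.127.240.158, and they say nothing about where the sample connected. The script below is an added example, not part of the sandbox report or of any vendor tooling; it takes the report's own Command Line and behavioral2 Network rows as constructed input, parses them into structured records, decodes the PTR names back to the addresses that were looked up, isolates the beacon candidate, and applies the rundll32-ordinal-from-Temp check. Function names and the USER_TEMP path pattern are this example's own choices.

```python
"""Added example (not the report's or a vendor's code): structure the
report's Command Line and Network rows and apply the checks a responder
would want from them."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed input: the behavioral2 Network table and Command Line from the report.
REPORT_NETWORK = """\
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
RU 5.42.65.67:4298 tcp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 203.151.224.20.in-addr.arpa udp
US 8.8.8.8:53 170.117.168.52.in-addr.arpa udp
"""
REPORT_CMDLINE = (
    r"rundll32.exe C:\Users\Admin\AppData\Local\Temp"
    r"\a2c10b5d95151fefb06479bdf202bbce96a8f0a2db6398b6d4a34d6d2a1784dcexe_JC.dll,#1"
)


@dataclass
class NetRecord:
    country: str
    dst_ip: str
    dst_port: int
    domain: Optional[str]  # None for the bare TCP connection rows
    proto: str


# One report row: "<CC> <ip>:<port> [<domain>] <tcp|udp>"; the Domain column is optional.
NET_LINE = re.compile(
    r"^(?P<cc>[A-Z]{2})\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"\s+(?:(?P<domain>\S+)\s+)?(?P<proto>tcp|udp)\s*$"
)


def parse_network(text: str) -> List[NetRecord]:
    """Parse the report's Network rows; rows that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = NET_LINE.match(line.strip())
        if m:
            records.append(NetRecord(m["cc"], m["ip"], int(m["port"]), m["domain"], m["proto"]))
    return records


def ptr_to_ip(name: str) -> Optional[str]:
    """Recover the address behind a reverse-lookup name:
    '158.240.127.40.in-addr.arpa' -> '40.127.240.158'.
    Returns None for anything that is not a well-formed IPv4 PTR name."""
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ValueError:
        return None


def beacon_candidates(records: List[NetRecord]) -> List[NetRecord]:
    """Drop DNS traffic to the resolver; what is left are direct connections by the
    sample (for this report, the single TCP session to 5.42.65.67:4298)."""
    return [r for r in records if not (r.proto == "udp" and r.dst_port == 53)]


def reverse_lookups(records: List[NetRecord]) -> List[str]:
    """Addresses the guest reverse-resolved. These are what the PTR names refer to,
    not hosts the sample connected to, so they are context rather than IOCs."""
    return [ip for r in records if r.domain for ip in [ptr_to_ip(r.domain)] if ip]


# "rundll32.exe <path>.dll,#<ordinal>": export selected by ordinal, no export name.
RUNDLL_ORDINAL = re.compile(r"^rundll32(?:\.exe)?\s+(?P<dll>.+?),#(?P<ordinal>\d+)\s*$", re.I)
# Assumed pattern for a per-user Temp directory on Windows (this example's choice).
USER_TEMP = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.I)


def check_rundll32(cmdline: str) -> Optional[dict]:
    """Return the DLL path, the ordinal and whether the DLL sits in a user Temp
    directory, or None when the command line is not a rundll32 ordinal call."""
    m = RUNDLL_ORDINAL.match(cmdline.strip())
    if not m:
        return None
    dll = m["dll"]
    return {"dll": dll, "ordinal": int(m["ordinal"]), "from_user_temp": bool(USER_TEMP.search(dll))}


if __name__ == "__main__":
    recs = parse_network(REPORT_NETWORK)
    for r in beacon_candidates(recs):
        print(f"beacon candidate: {r.dst_ip}:{r.dst_port}/{r.proto} ({r.country})")
    print("reverse-resolved by the guest:", reverse_lookups(recs))
    print("rundll32 check:", check_rundll32(REPORT_CMDLINE))
```

The check_rundll32 logic transfers directly to process-creation events (for example the CommandLine field of Sysmon Event ID 1): a rundll32 invocation that names a DLL under a user's Temp directory and calls its export by ordinal has few legitimate sources. Treat 5.42.65.67:4298 as an indicator as of the report date (2023-08-09); SystemBC infrastructure rotates, so the host and port should be re-validated rather than blocklisted indefinitely.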

Files

Memory regions dumped from the rundll32.exe process (PID 2172) during this run, in the same memory/<pid>-<dump index>-<start>-<end>-memory.dmp naming as above; the 0x00007FFFD3670000-0x00007FFFD40A9000 region is dumped at index 134 and again at index 141.

memory/2172-134-0x00007FFFD3670000-0x00007FFFD40A9000-memory.dmp
memory/2172-135-0x00007FFFF1AE0000-0x00007FFFF1AE2000-memory.dmp
memory/2172-133-0x00007FFFF1AD0000-0x00007FFFF1AD2000-memory.dmp
memory/2172-136-0x00007FFFF1AF0000-0x00007FFFF1AF2000-memory.dmp
memory/2172-137-0x00007FFFF1210000-0x00007FFFF1212000-memory.dmp
memory/2172-138-0x00007FFFF1220000-0x00007FFFF1222000-memory.dmp
memory/2172-139-0x00007FFFEF720000-0x00007FFFEF722000-memory.dmp
memory/2172-140-0x00007FFFEF730000-0x00007FFFEF732000-memory.dmp
memory/2172-141-0x00007FFFD3670000-0x00007FFFD40A9000-memory.dmp