Analysis
-
max time kernel
136s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
05-01-2024 12:45
General
-
Target
socks.exe
-
Size
16KB
-
MD5
cc64f95a4208489ff4d7e00d84ef92c5
-
SHA1
7d8a4bf93e558db774ccf9054cfc72825df9e9cc
-
SHA256
8cd25f3890b83cca1983424be8866191f6cdc63006e9d7b84d97c333cb4d149a
-
SHA512
97b0ef4f04e107f470a5387e732392cb583a4a5bc13289fcf4770a10b881bcf33741f64d4766321e3b1c04441c5a7327a32e542f53f584e6760b3434ea50152d
-
SSDEEP
384:rC+AHNZw/WnlrobdglGbLMoy+yG+yir1dV:r0gklrydgQP1yO67V
Score
10/10
Malware Config
Extracted
Family
systembc
C2
185.73.124.42:4001
Signatures
-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
Executes dropped EXE 2 IoCs
-
Drops file in Windows directory 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\socks.exe"C:\Users\Admin\AppData\Local\Temp\socks.exe"1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
-
C:\ProgramData\hasleh\sdhfgh.exeC:\ProgramData\hasleh\sdhfgh.exe start21⤵
- Executes dropped EXE
-
C:\ProgramData\hasleh\sdhfgh.exeC:\ProgramData\hasleh\sdhfgh.exe start21⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
16KB
MD5cc64f95a4208489ff4d7e00d84ef92c5
SHA17d8a4bf93e558db774ccf9054cfc72825df9e9cc
SHA2568cd25f3890b83cca1983424be8866191f6cdc63006e9d7b84d97c333cb4d149a
SHA51297b0ef4f04e107f470a5387e732392cb583a4a5bc13289fcf4770a10b881bcf33741f64d4766321e3b1c04441c5a7327a32e542f53f584e6760b3434ea50152d