systembc | 4524-121-0x00007FFD94DA0000-0x00007FFD954D0000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4524-121-0x00007FFD94DA0000-0x00007FFD954D0000-memory.dmp
Size

7.2MB
MD5

98ae72f3f42a173473e11d2f0264901b
SHA1

97dd1c9e479a6ed4e6c1f474dfa149796195a811
SHA256

0d893943c824ca8041ced2e23788bd7d823055c1aa7a2ab72cd25adf7f5ec69f
SHA512

7028f33f5953d64ed775150d75fcbc5b22b4fcddf280173da74e50bc0ff12f24e04fc4583d50718c58e90b11e37c5dd278313de2057fe63866e44964ba0f30ed
SSDEEP

196608:tbxUA5/IcS2ROotev72/8tUG7YzDGaixTPnHXb8:YeAb2woovsKUZforXb8

Score

10^/10

systembc

Malware Config

Extracted

Family

systembc

C2

5.42.65.67:4298

localhost.exchange:4298

Signatures

Systembc family
systembc

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4524-121-0x00007FFD94DA0000-0x00007FFD954D0000-memory.dmp

Files

4524-121-0x00007FFD94DA0000-0x00007FFD954D0000-memory.dmp
.dll windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 595B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.@qe
Size: - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.zz?
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.J(!
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ