Overview

overview

10

Static

static

7

2d3ba7dd14...bd.exe

windows7-x64

10

2d3ba7dd14...bd.exe

windows10-1703-x64

10

2d3ba7dd14...bd.exe

windows10-2004-x64

10

2d3ba7dd14...bd.exe

windows11-21h2-x64

10

Resubmissions

15-04-2024 11:31

240415-nmzycsff4y 10

10-04-2024 04:57

240410-fljwradc86 10

10-04-2024 04:57

240410-flcsfadc82 10

10-04-2024 04:57

240410-flb6xadc78 10

10-04-2024 04:57

240410-flbkdadc77 10

19-12-2023 13:06

231219-qcfg3sadbq 10

Analysis

  • max time kernel
    296s
  • max time network
    303s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-04-2024 04:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d3ba7dd14b9a579b2626fa5baee19bd.exe

  • Size

    209KB

  • MD5

    2d3ba7dd14b9a579b2626fa5baee19bd

  • SHA1

    dd365103583cfb3c10b73efc6592f8b80c1d75e0

  • SHA256

    42a191ee4f9593db8f514cce85ad8b9d6533bc71983a9529e7a5d68764d21679

  • SHA512

    29efd1035df73572efea0d96017772481b9858855c12d1bb96fc6a4ccd49443a4bb0d1bd86c69dda4218f04e8855ec37c4515157b75a240a530792232c4f03c0

  • SSDEEP

    6144:YDnLgI91y1UkT57iJz/DpURWPSvHuUiYphu1UY:cnLh9yn52rpUR5vHuRYpM+Y

Score
10/10
systembctrojanupx

Malware Config

Extracted

Family

systembc

C2

yan0212.com:4039

yan0212.net:4039

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Executes dropped EXE 1 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Uses Tor communications 1 TTPs

    Malware can proxy its traffic through Tor for more anonymity.

  • Drops file in Windows directory 2 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d3ba7dd14b9a579b2626fa5baee19bd.exe
    "C:\Users\Admin\AppData\Local\Temp\2d3ba7dd14b9a579b2626fa5baee19bd.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:1996
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 480
      2⤵
      • Program crash
      PID:3276
  • C:\ProgramData\etrbew\mfcifb.exe
    C:\ProgramData\etrbew\mfcifb.exe start
    1⤵
    • Executes dropped EXE
    PID:3804
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5164 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4984
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1996 -ip 1996
      1⤵
        PID:1676

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ProgramData\etrbew\mfcifb.exe
        Filesize

        209KB

        MD5

        2d3ba7dd14b9a579b2626fa5baee19bd

        SHA1

        dd365103583cfb3c10b73efc6592f8b80c1d75e0

        SHA256

        42a191ee4f9593db8f514cce85ad8b9d6533bc71983a9529e7a5d68764d21679

        SHA512

        29efd1035df73572efea0d96017772481b9858855c12d1bb96fc6a4ccd49443a4bb0d1bd86c69dda4218f04e8855ec37c4515157b75a240a530792232c4f03c0

        Download Submit

      • memory/1996-1-0x0000000004700000-0x0000000004800000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1996-2-0x00000000001C0000-0x00000000001C9000-memory.dmp

        Filesize

        36KB

        Download

      • memory/1996-3-0x0000000000400000-0x00000000045F0000-memory.dmp

        Filesize

        65.9MB

        Download

      • memory/1996-14-0x0000000004700000-0x0000000004800000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1996-25-0x0000000000400000-0x00000000045F0000-memory.dmp

        Filesize

        65.9MB

        Download

      • memory/3804-10-0x0000000004920000-0x0000000004A20000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/3804-11-0x00000000001C0000-0x00000000001C9000-memory.dmp

        Filesize

        36KB

        Download

      • memory/3804-13-0x0000000000400000-0x00000000045F0000-memory.dmp

        Filesize

        65.9MB

        Download

      • memory/3804-17-0x0000000004920000-0x0000000004A20000-memory.dmp

        Filesize

        1024KB

        Download