Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
19-04-2024 16:38
General
-
Target
08dd07978c07ca8d8f51d9033428f23b76fd6c6f7607e39a0e9d28821131261f.exe
-
Size
16KB
-
MD5
365f7ff51ec4583ba6a426b15981b9e7
-
SHA1
2d66a5b213ec43165d0ccaea3a4b9e1bcdd68318
-
SHA256
08dd07978c07ca8d8f51d9033428f23b76fd6c6f7607e39a0e9d28821131261f
-
SHA512
7eaa4ca6097b883156dfdcd0fea3c9b18520e8d431665551beae2e1c1e3e104671007ba83cde826fc025f931bfe1d74dc35de0ed184e59dfc9cb6c0b7822cf70
-
SSDEEP
384:rC+AHNZw/WnlrobdglGbLMoy+yG+yir1dV:r0gklrydgQP1yO67V
Malware Config
Extracted
systembc
193.233.21.140:4001
Signatures
-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
Executes dropped EXE 2 IoCs
-
Drops file in Windows directory 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\08dd07978c07ca8d8f51d9033428f23b76fd6c6f7607e39a0e9d28821131261f.exe"C:\Users\Admin\AppData\Local\Temp\08dd07978c07ca8d8f51d9033428f23b76fd6c6f7607e39a0e9d28821131261f.exe"1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\taskeng.exetaskeng.exe {1306C29E-18E0-4817-B949-4641537DDDE3} S-1-5-21-2297530677-1229052932-2803917579-1000:HKULBIBU\Admin:Interactive:[1]1⤵
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\laov\qcri.exeC:\ProgramData\laov\qcri.exe start22⤵
- Executes dropped EXE
-
-
C:\ProgramData\laov\qcri.exeC:\ProgramData\laov\qcri.exe start22⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
16KB
MD5365f7ff51ec4583ba6a426b15981b9e7
SHA12d66a5b213ec43165d0ccaea3a4b9e1bcdd68318
SHA25608dd07978c07ca8d8f51d9033428f23b76fd6c6f7607e39a0e9d28821131261f
SHA5127eaa4ca6097b883156dfdcd0fea3c9b18520e8d431665551beae2e1c1e3e104671007ba83cde826fc025f931bfe1d74dc35de0ed184e59dfc9cb6c0b7822cf70