Analysis
-
max time kernel
132s -
max time network
136s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
19-04-2024 17:46
General
-
Target
28135bb818682c71869768c1105e91595367c2f633c6e68b8c2ccb8611911972.exe
-
Size
16KB
-
MD5
ca36ad5442865e4b9571c82ce7b5bfe7
-
SHA1
b0b8795eb15b7986484c9f979c9d440f73b482e4
-
SHA256
28135bb818682c71869768c1105e91595367c2f633c6e68b8c2ccb8611911972
-
SHA512
50d702c68aa82d50a4b0f1a455f0a05c3d5eaa69ebe88fd001bfb349169fe1902be93ae282b5cdc650865fcdd91c5267fe6c9324da45dd14b467ea6854e13f1f
-
SSDEEP
384:rC+AHNZw/WnlrobdglGbLMoy+yG+yir1dVJ3uM9s:r0gklrydgQP1yO67VJ3uMm
Malware Config
Extracted
systembc
45.140.147.91:4001
Signatures
-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
Executes dropped EXE 2 IoCs
-
Drops file in Windows directory 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\28135bb818682c71869768c1105e91595367c2f633c6e68b8c2ccb8611911972.exe"C:\Users\Admin\AppData\Local\Temp\28135bb818682c71869768c1105e91595367c2f633c6e68b8c2ccb8611911972.exe"1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\taskeng.exetaskeng.exe {265304AA-BFC0-4196-A033-6A4FE978AFD3} S-1-5-21-1298544033-3225604241-2703760938-1000:IZKCKOTP\Admin:Interactive:[1]1⤵
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\ciseoa\xcuo.exeC:\ProgramData\ciseoa\xcuo.exe start22⤵
- Executes dropped EXE
-
-
C:\ProgramData\ciseoa\xcuo.exeC:\ProgramData\ciseoa\xcuo.exe start22⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
16KB
MD5ca36ad5442865e4b9571c82ce7b5bfe7
SHA1b0b8795eb15b7986484c9f979c9d440f73b482e4
SHA25628135bb818682c71869768c1105e91595367c2f633c6e68b8c2ccb8611911972
SHA51250d702c68aa82d50a4b0f1a455f0a05c3d5eaa69ebe88fd001bfb349169fe1902be93ae282b5cdc650865fcdd91c5267fe6c9324da45dd14b467ea6854e13f1f