systembc | a131debc6aff9726b63414d02f6cb3b7f2243baff822131f3892247d6799239a

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15-06-2024 00:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a131debc6aff9726b63414d02f6cb3b7f2243baff822131f3892247d6799239a.dll
Size

67KB
MD5

2a0f21b38d4ca04c9523407bf1d54e6d
SHA1

3912a07ae6805e8cbcef54b1c1aa1d01e8d8155b
SHA256

a131debc6aff9726b63414d02f6cb3b7f2243baff822131f3892247d6799239a
SHA512

903495df0f2dabb8ea36e3a24b1bdb83ad9fb66198d8cf0c6d92a7bbb01e8ccbeb7f2a10fc88fd659f724df27fbb43413557c510298bc63115dae3fabeac7872
SSDEEP

1536:9Lr3XKmOJRmVdGLuLCikPCROvTJ2nr6B6yKarxw:9LzKmgRmCikaROv06B6Gr

Score

10^/10

systembc trojan upx

Malware Config

Extracted

Family

systembc

155.138.219.110:443

192.53.123.202:443

Signatures

SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
trojan systembc

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
behavioral2/memory/2836-0-0x0000000000400000-0x000000000042E000-memory.dmp	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2836-0-0x0000000000400000-0x000000000042E000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3648	2836	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 2836	1664	rundll32.exe	82
PID 1664 wrote to memory of 2836	1664	rundll32.exe	82
PID 1664 wrote to memory of 2836	1664	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a131debc6aff9726b63414d02f6cb3b7f2243baff822131f3892247d6799239a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a131debc6aff9726b63414d02f6cb3b7f2243baff822131f3892247d6799239a.dll,#1
  2⤵
  PID:2836
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 628
    3⤵
    - Program crash
    PID:3648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2836 -ip 2836
1⤵
PID:676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2836-0-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2836-2-0x0000000002930000-0x0000000002937000-memory.dmp

Filesize
28KB

Download
memory/2836-1-0x0000000000FE0000-0x0000000000FE6000-memory.dmp

Filesize
24KB

Download