Overview

overview

10

Static

static

3

4aed141bc4...5a.exe

windows7-x64

10

4aed141bc4...5a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    18-07-2024 13:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4aed141bc47c4bdf1779182984a43dedb5b9e0f2ef220e29154028ad5f8ea55a.exe

  • Size

    178KB

  • MD5

    705796f3b9bd73f9a9a8a07c9f10b909

  • SHA1

    93cf40f95ab91a0e33b405c0c49025dab7ceb496

  • SHA256

    4aed141bc47c4bdf1779182984a43dedb5b9e0f2ef220e29154028ad5f8ea55a

  • SHA512

    4ce401041bdc5086345b856ac3f4baa804652cb6c14a7f84ae0cc1323783c2f54d8498aa9a1b72df0a3d86aa752f43873d4f9afc85b1544285e8a1f7ed53ae42

  • SSDEEP

    3072:+ob0P2fTvOS1eSauhB8zfGci1+rbjb4Ke:eOLOS13SfGc3Hjf

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

95.179.161.101:4001

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4aed141bc47c4bdf1779182984a43dedb5b9e0f2ef220e29154028ad5f8ea55a.exe
    "C:\Users\Admin\AppData\Local\Temp\4aed141bc47c4bdf1779182984a43dedb5b9e0f2ef220e29154028ad5f8ea55a.exe"
    1⤵
    • Drops file in Windows directory
    PID:2172
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {B4F2D480-7319-4A5A-AFAE-6A62609AE519} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2592
    • C:\Users\Admin\AppData\Local\Temp\4aed141bc47c4bdf1779182984a43dedb5b9e0f2ef220e29154028ad5f8ea55a.exe
      C:\Users\Admin\AppData\Local\Temp\4aed141bc47c4bdf1779182984a43dedb5b9e0f2ef220e29154028ad5f8ea55a.exe start
      2⤵
        PID:2040

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2040-11-0x0000000000400000-0x00000000008F7000-memory.dmp

      Filesize

      5.0MB

      Download

    • memory/2172-2-0x0000000000220000-0x0000000000225000-memory.dmp

      Filesize

      20KB

      Download

    • memory/2172-1-0x0000000000AC0000-0x0000000000BC0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2172-3-0x0000000000400000-0x0000000000407000-memory.dmp

      Filesize

      28KB

      Download

    • memory/2172-6-0x0000000000400000-0x00000000008F7000-memory.dmp

      Filesize

      5.0MB

      Download

    • memory/2172-9-0x0000000000AC0000-0x0000000000BC0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2172-10-0x0000000000220000-0x0000000000225000-memory.dmp

      Filesize

      20KB

      Download