Overview

overview

10

Static

static

10

svc.dll

windows7-x64

10

svc.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    93s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-11-2024 11:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    svc.dll

  • Size

    12.8MB

  • MD5

    0aa05ebc3b6667954898cfccc4057600

  • SHA1

    c59cbd309b3393cb08a1133364ed11000fdd418d

  • SHA256

    44cf04192384e920215f0e335561076050129ad7a43b58b1319fa1f950f6a7b6

  • SHA512

    d4abd9c548fa8e1e6681585b8e5375b216955ef8b621fb3a27f74e28975e8c6696df18cf96bd6e1229ad0c268877126caabc15b5849c3d401a45675aa0b2b31f

  • SSDEEP

    393216:99pRr+jrfTxceLsf4KseXYpfkAxu7oSVVmr:7+jTTxccsfRXAWmr

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

185.236.232.20:445

192.168.1.28:445

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Systembc family
    systembc
  • Blocklisted process makes network request 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\svc.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    PID:3728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3728-0-0x00007FFBF2967000-0x00007FFBF300C000-memory.dmp

    Filesize

    6.6MB

    Download

  • memory/3728-1-0x00007FFC10DD0000-0x00007FFC10DD2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3728-2-0x00007FFBF2960000-0x00007FFBF3635000-memory.dmp

    Filesize

    12.8MB

    Download

  • memory/3728-4-0x00007FFBF2967000-0x00007FFBF300C000-memory.dmp

    Filesize

    6.6MB

    Download