Analysis
- max time kernel: 120s
- max time network: 127s
- platform: windows7_x64
- resource: win7-en-20210920
- submitted: 25-10-2021 08:18
Static task
- static1
Behavioral tasks
- behavioral1: Sample 10c410851b47490eea158797046a2be886dbf7f7da4f47a7fa4e8081af6f2f78.exe; Resource win7-en-20211014
- behavioral2: Sample 10c410851b47490eea158797046a2be886dbf7f7da4f47a7fa4e8081af6f2f78.exe; Resource win10-en-20211014
- behavioral3: Sample Bat-To-Exe-Converter-Downloader-master/Linux/downloader-x64; Resource ubuntu-amd64
- behavioral4: Sample Bat-To-Exe-Converter-Downloader-master/Linux/downloader-x64; Resource debian9-mipsel
- behavioral5: Sample Bat-To-Exe-Converter-Downloader-master/Linux/downloader-x64; Resource debian9-mipsbe
- behavioral6: Sample Bat-To-Exe-Converter-Downloader-master/Linux/downloader-x86; Resource ubuntu-amd64
- behavioral7: Sample Bat-To-Exe-Converter-Downloader-master/Linux/downloader-x86; Resource debian9-mipsel
- behavioral8: Sample Bat-To-Exe-Converter-Downloader-master/Linux/downloader-x86; Resource debian9-mipsbe
- behavioral9: Sample Bat-To-Exe-Converter-Downloader-master/Mac OS/downloader.dmg; Resource macos
- behavioral10: Sample Bat-To-Exe-Converter-Downloader-master/Windows/downloader-x64.exe; Resource win7-en-20210920
- behavioral11: Sample Bat-To-Exe-Converter-Downloader-master/Windows/downloader-x64.exe; Resource win10-en-20211014
- behavioral12: Sample Bat-To-Exe-Converter-Downloader-master/Windows/downloader-x86.exe; Resource win7-en-20210920
- behavioral13: Sample Bat-To-Exe-Converter-Downloader-master/Windows/downloader-x86.exe; Resource win10-en-20211014
- behavioral14: Sample 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe; Resource win7-en-20210920
- behavioral15: Sample 25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe; Resource win10-en-20211014
- behavioral16: Sample 3523671dc78bc32e8caf574110eb09023588eb0a9edb91eb7f6afc7c762d332a.exe; Resource win7-en-20210920
- behavioral17: Sample 3523671dc78bc32e8caf574110eb09023588eb0a9edb91eb7f6afc7c762d332a.exe; Resource win10-en-20210920
- behavioral18: Sample 4a32ef4d911a823aaeac64664a8f9e28890bbd20da689580802e23d571d0f68a.exe; Resource win7-en-20211014
- behavioral19: Sample 4a32ef4d911a823aaeac64664a8f9e28890bbd20da689580802e23d571d0f68a.exe; Resource win10-en-20210920
- behavioral20: Sample 6f081f814358d615469a82cab0569fbf3c98a3e152bcfb2a9dd348b2d881b93b.exe; Resource win7-en-20211014
- behavioral21: Sample 6f081f814358d615469a82cab0569fbf3c98a3e152bcfb2a9dd348b2d881b93b.exe; Resource win10-en-20210920
- behavioral22: Sample 79b2065107cb362001a2f8a8cd8e2e20678b2eb2c0372ef760495d9fff407361.exe; Resource win7-en-20211014
- behavioral23: Sample 79b2065107cb362001a2f8a8cd8e2e20678b2eb2c0372ef760495d9fff407361.exe; Resource win10-en-20210920
- behavioral24: Sample baa54f7d1e5215ded677ed42ca7e5f0ab973313cd06f8ee36c77a55894f037d8.exe; Resource win7-en-20210920
- behavioral25: Sample baa54f7d1e5215ded677ed42ca7e5f0ab973313cd06f8ee36c77a55894f037d8.exe; Resource win10-en-20211014
General
- Target: baa54f7d1e5215ded677ed42ca7e5f0ab973313cd06f8ee36c77a55894f037d8.exe
- Size: 4.7MB
- MD5: a2186e2b43cdbc31011d6fa7b244b53a
- SHA1: ac08c1345868b644cea4572a2864a97b14705e2d
- SHA256: baa54f7d1e5215ded677ed42ca7e5f0ab973313cd06f8ee36c77a55894f037d8
- SHA512: 61eaeec91997ff42c977862d6194956ff3090dc4148732c2f664fef776e82a5ed886e3e3fa35f0fba0c750a393addccf330fd1bd3421743783231dcecfe98bf0
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  Processes: PID 868, baa54f7d1e5215ded677ed42ca7e5f0ab973313cd06f8ee36c77a55894f037d8.tmp
- Loads dropped DLL (1 IoCs)
  Processes: PID 740, baa54f7d1e5215ded677ed42ca7e5f0ab973313cd06f8ee36c77a55894f037d8.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: PID 740 (baa54f7d1e5215ded677ed42ca7e5f0ab973313cd06f8ee36c77a55894f037d8.exe) wrote to memory of PID 868 (baa54f7d1e5215ded677ed42ca7e5f0ab973313cd06f8ee36c77a55894f037d8.tmp); this event is recorded 7 times
Processes
- C:\Users\Admin\AppData\Local\Temp\baa54f7d1e5215ded677ed42ca7e5f0ab973313cd06f8ee36c77a55894f037d8.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\baa54f7d1e5215ded677ed42ca7e5f0ab973313cd06f8ee36c77a55894f037d8.exe"
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\is-PEA79.tmp\baa54f7d1e5215ded677ed42ca7e5f0ab973313cd06f8ee36c77a55894f037d8.tmp (child of the process above)
    Command line: "C:\Users\Admin\AppData\Local\Temp\is-PEA79.tmp\baa54f7d1e5215ded677ed42ca7e5f0ab973313cd06f8ee36c77a55894f037d8.tmp" /SL5="$40156,4523514,121344,C:\Users\Admin\AppData\Local\Temp\baa54f7d1e5215ded677ed42ca7e5f0ab973313cd06f8ee36c77a55894f037d8.exe"
    - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\is-PEA79.tmp\baa54f7d1e5215ded677ed42ca7e5f0ab973313cd06f8ee36c77a55894f037d8.tmp
  MD5: 90fc739c83cd19766acb562c66a7d0e2
  SHA1: 451f385a53d5fed15e7649e7891e05f231ef549a
  SHA256: 821bd11693bf4b4b2b9f3c196036e1f4902abd95fb26873ea6c43e123b8c9431
  SHA512: 4cb11ad48b7585ef1b70fac9e3c25610b2f64a16358cd51e32adcb0b17a6ab1c934aeb10adaa8e9ddf69b2e2f1d18fe2e87b49b39f89b05ea13aa3205e41296c
- \Users\Admin\AppData\Local\Temp\is-PEA79.tmp\baa54f7d1e5215ded677ed42ca7e5f0ab973313cd06f8ee36c77a55894f037d8.tmp
  MD5: 90fc739c83cd19766acb562c66a7d0e2
  SHA1: 451f385a53d5fed15e7649e7891e05f231ef549a
  SHA256: 821bd11693bf4b4b2b9f3c196036e1f4902abd95fb26873ea6c43e123b8c9431
  SHA512: 4cb11ad48b7585ef1b70fac9e3c25610b2f64a16358cd51e32adcb0b17a6ab1c934aeb10adaa8e9ddf69b2e2f1d18fe2e87b49b39f89b05ea13aa3205e41296c
- memory/740-54-0x00000000751D1000-0x00000000751D3000-memory.dmp
  Filesize: 8KB
- memory/740-61-0x0000000000400000-0x0000000000428000-memory.dmp
  Filesize: 160KB
- memory/868-58-0x0000000000000000-mapping.dmp
- memory/868-62-0x0000000000240000-0x0000000000241000-memory.dmp
  Filesize: 4KB