73cc2881ef511788661955a624db9baf40ac16bc63266c5c3bb3fe62b4856d72

Analysis

max time kernel
295s
max time network
305s
platform
windows10-1703_x64
resource
win10-20231215-ja
resource tags

arch:x64arch:x86image:win10-20231215-jalocale:ja-jpos:windows10-1703-x64systemwindows
submitted
11/02/2024, 14:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

batexe.exe
Size

9.4MB
MD5

cdc9eacffc6d2bf43153815043064427
SHA1

d05101f265f6ea87e18793ab0071f5c99edf363f
SHA256

73cc2881ef511788661955a624db9baf40ac16bc63266c5c3bb3fe62b4856d72
SHA512

fc6945957e160bf7059c936c329aae438e6c1521e5e43a8434f58058230d89e818eb6ff80331a4b952dbb600b8cc134ecba54e5641bf549723c98f85e993fde6
SSDEEP

196608:ERAefrn9wcsTRAJgwusnWpV3h9XxSeEGaT+TKkGzySdUkI56kBIyky:E5Tn9YVwdnWLXxkvLlzkuv

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4584	b2e.exe
2388	cpuminer-sse2.exe

Loads dropped DLL 5 IoCs

pid	Process
2388	cpuminer-sse2.exe
2388	cpuminer-sse2.exe
2388	cpuminer-sse2.exe
2388	cpuminer-sse2.exe
2388	cpuminer-sse2.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1404-6-0x0000000000400000-0x000000000393A000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 4584	1404	batexe.exe	74
PID 1404 wrote to memory of 4584	1404	batexe.exe	74
PID 1404 wrote to memory of 4584	1404	batexe.exe	74
PID 4584 wrote to memory of 4720	4584	b2e.exe	75
PID 4584 wrote to memory of 4720	4584	b2e.exe	75
PID 4584 wrote to memory of 4720	4584	b2e.exe	75
PID 4720 wrote to memory of 2388	4720	cmd.exe	78
PID 4720 wrote to memory of 2388	4720	cmd.exe	78

C:\Users\Admin\AppData\Local\Temp\batexe.exe
"C:\Users\Admin\AppData\Local\Temp\batexe.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Users\Admin\AppData\Local\Temp\1548.tmp\b2e.exe
  "C:\Users\Admin\AppData\Local\Temp\1548.tmp\b2e.exe" C:\Users\Admin\AppData\Local\Temp\1548.tmp\b2e.exe C:\Users\Admin\AppData\Local\Temp "C:\Users\Admin\AppData\Local\Temp\batexe.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4584
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1B24.tmp\batchfile.bat" "
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\cpuminer-sse2.exe
      cpuminer-sse2.exe -a yespower -o stratum+tcp://yespower.sea.mine.zpool.ca:6234 --userpass=DJXKcu8iouhRppneQL9XbYQ9ovs87y4cYZ:c=doge -t 3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1548.tmp\b2e.exe

Filesize
3.7MB

MD5
c3d5cab075a64da450b85274ab927ced

SHA1
2bb64c5bf437846d50086383b22d521f462425ed

SHA256
de822b693abf5a7092a3deb59ec80601e729a465f9acfb8a1af8064c852a8149

SHA512
90251b58c2823162320034aa662be7ad75e26a40d74056114ebc496325cde3faf77260f41dbcf75e26746ce82e7f2fef95b9f392a9a895585c3db7284ad58779

Download Submit
C:\Users\Admin\AppData\Local\Temp\1548.tmp\b2e.exe

Filesize
3.3MB

MD5
8b37e867c800e4bd6143ea9c6d875069

SHA1
f05061c5205f2cf3fc695949af83ad10ff582dbf

SHA256
b19d0a72989431d30f7fc6b88505f8f0793a08b12d5fba8dacbd5101ef2c6cd4

SHA512
59f115744bc235cd9c96c151d5cd63f7a5b94411508f374869b6f5eda9bd69c5469b4997860d03ee0f9636706d361f759091c475028d9eca1d2be2169c47c1b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\1B24.tmp\batchfile.bat

Filesize
136B

MD5
8ea7ac72a10251ecfb42ef4a88bd330a

SHA1
c30f6af73a42c0cc89bd20fe95f9159d6f0756c5

SHA256
65e2674fc9b921a76deaf3740603359794c04e059e8937ab36eb931d65f40ec9

SHA512
a908979d588625aa24eb81238d07d88a56be5388e1265ebd2fe09889ed807aa9a4af77107e72a843c31acadbe06db0d7f6f6a3c95fb481a71e549e8eb74c2ff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cpuminer-sse2.exe

Filesize
496KB

MD5
0388793741bcc4b3d977a1c47cab4564

SHA1
4e1a2a19b05a97bc29ffadf7c8ea503d14b14a1b

SHA256
891295e4b0f80564336f9a60e41d8ae3d68d6d8c425e5be935119046e1f640f4

SHA512
750542e1de2a1f70e13fbd865b19d6045d67209d1ea3446533ccab3574e5e7ebfaf5c086b67ee3014969a75d48bb8936ca5d7784c69c284dd286ef73c6d81eb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\cpuminer-sse2.exe

Filesize
226KB

MD5
b56f277437b93523311b43c5e4a33c9f

SHA1
fa2944c877785ef568fd964ad1e2090244784a7d

SHA256
74cd7fb5b8e12f43a1bc400b7a285d416f2241aefa3ac5a6ddee010216f8a10f

SHA512
672c4fe02d6332978c66d1bd0dc74c461cd6a8e3cf68b09da60907fd7be1e7de3e3a7dee1a0c8da923904757c2069622653e83c62044f13ec22e9f7be349ba1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\libcurl-4.dll

Filesize
330KB

MD5
355a7bb838264ccc0f3bdb8109d12e2f

SHA1
fb28bd6654ce89d34255fb5b19a9523095e90f66

SHA256
0334f4a3462c8f2f2a0e356e2e4031eb7aa4fd6071d482ae1269ee6f15d1a8a3

SHA512
8a69f69e2abcacb5bf8b347707e09ebbd400e300c9c05f3854ede72452108fe0c89ec897879fb46a14cacded4441c134646bc8338fae50e31204e15d6ecfd045

Download Submit
C:\Users\Admin\AppData\Local\Temp\libgcc_s_seh-1.dll

Filesize
143KB

MD5
d92806fb7059d9f58d9949dc770da6b3

SHA1
eb8c841a0a7e6b7cecf790a759278300fae8211b

SHA256
55d2e6485e2d03bf15b15db78ffd28f23744b4e6ed780b44b88ff7704de9ebf4

SHA512
2780a04a9f4eabff13d7e644925bde42114cd00700e1922469dfc721c48ebeaecd9e3cd0f1458216cbc038235015fa1e15cab145a8efb6cbc7833a1182ee8317

Download Submit
C:\Users\Admin\AppData\Local\Temp\libstdc++-6.dll

Filesize
205KB

MD5
03f41829fed04ac14bdd4220c840e10a

SHA1
99c52ea909b5f2e9ea163eb44d2be4c12b067769

SHA256
d458487a9a0fe4b8317005c7f817220a0576f745b70599fa6c4901effaff2744

SHA512
8ee6433b53bca947c1a81e7b9fa6315d6d7b004a6eed0d96e28ead9914d65ccf882c578d8b68ca20e52e33dbad7eff4846da24e749a30ca9e25ebf57db07c570

Download Submit
C:\Users\Admin\AppData\Local\Temp\libwinpthread-1.dll

Filesize
266KB

MD5
28d8ef932b61512ea4b32e75d364baf7

SHA1
dd714c04bceabbe5f1c09e602768037cfff26c25

SHA256
34e5c1bb0fdb0aca8bd6c07f94aadb064b0fec8ec2bfe1ef59e714c962234d05

SHA512
a0512cafa7a6be01342a74723f14a781e3c2587a2051ef1b8ff4d78c9aa94160bc85f3d01037d2ab18a3ae33d7f447dc1724b2b7d126bed9cb3aef4ec416e341

Download Submit
\Users\Admin\AppData\Local\Temp\libcurl-4.dll

Filesize
160KB

MD5
57c4305d9dca0fdd1a1ac6ae8444b995

SHA1
08dc9fa40482c1df34a1dd8bea0dc68e085def67

SHA256
42ce40d715fc475d87e342705b42a161e830726c41c480d1d0b93122b628dbbe

SHA512
eb6953215a6eaac0465fb04f9b14649bff8116afa9e3a49288366833bc4a71bd6379b2dea2d58ccd6644ddf4359ef270915589d88d6e234d24707b52eda77a6e

Download Submit
\Users\Admin\AppData\Local\Temp\libgcc_s_seh-1.dll

Filesize
181KB

MD5
73b6ec6460d266d532ca872a70448c6d

SHA1
edf76d3df7c4954a7fa5af29b6848788c45dad32

SHA256
48b28c2a9130c93ad97faaeea73e09fa1c2d13e92f4610567cb46a34c39c3fd2

SHA512
4ab76cf2b51a916fe0719cddd94b9ab66b8dd9f430e33ddc6e3892cea210782df23b46ac10250502399d3856aeff5df569cdc58e1a4130335af3681afd4205d9

Download Submit
\Users\Admin\AppData\Local\Temp\libstdc++-6.dll

Filesize
225KB

MD5
6b2b74acb9c1a2a75e4f0a425d02352e

SHA1
47d1256f55f87e6e31ea723e92316c7f7c0d37d2

SHA256
9c5823bb830b595094764dadfd10c9054fef3bb6a173b1995cf4418cfbd64e9c

SHA512
fde995d6a0562d94ecbe094f8abfa581bc59006771be98089339eee3920ba0baa2e7d101169bc9939fe57a8f82e9626400262b5ffdd84970b58b113bb65f91d2

Download Submit
\Users\Admin\AppData\Local\Temp\libstdc++-6.dll

Filesize
732KB

MD5
8c50118ad6854a46af6f558d2cd6be6f

SHA1
6d488474eea8e38901a6f61c59abcd6fa541b2f0

SHA256
35da7ae97fdeb8e9c816dc8731afa6111f1eb985dd7ff57bd9465020d8429c8f

SHA512
f439f7be995ff1938d027ab31d84ab4937bbdd8cbe98d2f2aa313dadec374217ae323e874b7ed66f4eaa02acfedf556908971444de550aaee74570b594f19556

Download Submit
\Users\Admin\AppData\Local\Temp\libwinpthread-1.dll

Filesize
247KB

MD5
b44f87c7d76beedeca78d3c983df1cc1

SHA1
9bbc4440a48505278861b2005a8eaedd3265e294

SHA256
05ebc1fcaff99fc4f8061e4b814cfdf19dd813948857f62baedf011c3b72c381

SHA512
1d28e66f7573ab369e8b4038a8453a0a0e3576f24e0b2414053ffce2c02bb052a2d7198f26ed4a6285f4a47efd62d05d264eb728eba92ea4b44e36cd55915c30

Download Submit
memory/1404-6-0x0000000000400000-0x000000000393A000-memory.dmp

Filesize
53.2MB

Download
memory/2388-44-0x0000000000F40000-0x00000000027F5000-memory.dmp

Filesize
24.7MB

Download
memory/2388-66-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/2388-41-0x0000000070800000-0x00000000708BC000-memory.dmp

Filesize
752KB

Download
memory/2388-42-0x0000000061440000-0x000000006156B000-memory.dmp

Filesize
1.2MB

Download
memory/2388-43-0x0000000061B90000-0x0000000061C28000-memory.dmp

Filesize
608KB

Download
memory/2388-101-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/2388-45-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/2388-96-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/2388-56-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/2388-61-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/2388-40-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/2388-71-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/2388-76-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/2388-86-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4584-50-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/4584-4-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download