73cc2881ef511788661955a624db9baf40ac16bc63266c5c3bb3fe62b4856d72

Analysis

max time kernel
293s
max time network
296s
platform
windows10-1703_x64
resource
win10-20231215-ja
resource tags

arch:x64arch:x86image:win10-20231215-jalocale:ja-jpos:windows10-1703-x64systemwindows
submitted
11-02-2024 15:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

batexe.exe
Size

9.4MB
MD5

cdc9eacffc6d2bf43153815043064427
SHA1

d05101f265f6ea87e18793ab0071f5c99edf363f
SHA256

73cc2881ef511788661955a624db9baf40ac16bc63266c5c3bb3fe62b4856d72
SHA512

fc6945957e160bf7059c936c329aae438e6c1521e5e43a8434f58058230d89e818eb6ff80331a4b952dbb600b8cc134ecba54e5641bf549723c98f85e993fde6
SSDEEP

196608:ERAefrn9wcsTRAJgwusnWpV3h9XxSeEGaT+TKkGzySdUkI56kBIyky:E5Tn9YVwdnWLXxkvLlzkuv

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4208	b2e.exe
4672	cpuminer-sse2.exe

Loads dropped DLL 5 IoCs

pid	Process
4672	cpuminer-sse2.exe
4672	cpuminer-sse2.exe
4672	cpuminer-sse2.exe
4672	cpuminer-sse2.exe
4672	cpuminer-sse2.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2964-5-0x0000000000400000-0x000000000393A000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 4208	2964	batexe.exe	74
PID 2964 wrote to memory of 4208	2964	batexe.exe	74
PID 2964 wrote to memory of 4208	2964	batexe.exe	74
PID 4208 wrote to memory of 4068	4208	b2e.exe	75
PID 4208 wrote to memory of 4068	4208	b2e.exe	75
PID 4208 wrote to memory of 4068	4208	b2e.exe	75
PID 4068 wrote to memory of 4672	4068	cmd.exe	78
PID 4068 wrote to memory of 4672	4068	cmd.exe	78

C:\Users\Admin\AppData\Local\Temp\batexe.exe
"C:\Users\Admin\AppData\Local\Temp\batexe.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Users\Admin\AppData\Local\Temp\9105.tmp\b2e.exe
  "C:\Users\Admin\AppData\Local\Temp\9105.tmp\b2e.exe" C:\Users\Admin\AppData\Local\Temp\9105.tmp\b2e.exe C:\Users\Admin\AppData\Local\Temp "C:\Users\Admin\AppData\Local\Temp\batexe.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4208
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\9318.tmp\batchfile.bat" "
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4068
  - - C:\Users\Admin\AppData\Local\Temp\cpuminer-sse2.exe
      cpuminer-sse2.exe -a yespower -o stratum+tcp://yespower.sea.mine.zpool.ca:6234 --userpass=DJXKcu8iouhRppneQL9XbYQ9ovs87y4cYZ:c=doge -t 3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\9105.tmp\b2e.exe

Filesize
3.4MB

MD5
19b99ad9011d39e2a5c3b803fe07b234

SHA1
821258091c1c61d2a24463acb94ac59bff1bc76f

SHA256
b338e13042ffb4a4d17bc72e1749b08f17fe7e535f8a8d581a1cd4dc32012809

SHA512
3efbf87c358cda89885d571395efdc8b25ab874e9943db73a8426ff05175614b2dc249383aec38ca8a20b87e16a40ddc5382a3b74df7f223b33d5b4b761b17fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\9105.tmp\b2e.exe

Filesize
3.1MB

MD5
9c45d14b891ce1053560da192d61bd08

SHA1
c9ee0e62e598559a1678ff636fbe18293e0dc5f3

SHA256
d8d2099f95f07cce6859262727d649080d8df3106b2185812160c9ae00a61c4c

SHA512
14d43e7d8603e0bee043d64c3de76221047b1ff1cfe1d1add224b4f2f6f4f8a6fd6c0d4769b01b2e529139442f778476c22f45efd63f28a8c942f3de80dc1a47

Download Submit
C:\Users\Admin\AppData\Local\Temp\9318.tmp\batchfile.bat

Filesize
136B

MD5
8ea7ac72a10251ecfb42ef4a88bd330a

SHA1
c30f6af73a42c0cc89bd20fe95f9159d6f0756c5

SHA256
65e2674fc9b921a76deaf3740603359794c04e059e8937ab36eb931d65f40ec9

SHA512
a908979d588625aa24eb81238d07d88a56be5388e1265ebd2fe09889ed807aa9a4af77107e72a843c31acadbe06db0d7f6f6a3c95fb481a71e549e8eb74c2ff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cpuminer-sse2.exe

Filesize
1.3MB

MD5
44160b61e95e71bb433e38889f7c9bc5

SHA1
de5cd81995820cabd82008e57f97b2734b8e1960

SHA256
1795531b7f75a03b6f0266d789b6b67ce0a5d000d663f7f0a3292cb7d57506a6

SHA512
53da1c1a2c87f834f5ab2e6f578fb24c900ffe2af1ad20bc06b47951cc45e9aaa010befdc238bcf44a1ae68db46f98660a4dd9f1f571f9c22a09884179dd6150

Download Submit
C:\Users\Admin\AppData\Local\Temp\cpuminer-sse2.exe

Filesize
1.5MB

MD5
993a407f32cb80ce508dea626c752396

SHA1
4aadc30942678207e53a5b4f48e23b20fb52ca86

SHA256
8b8a300f66dafb5a77849725fea93633407e5561a3c4fa3ef647c5873d4a440c

SHA512
6195b45d20c89dff1cba445eac47249b1fe918e87e71521e61945abee2e26e731de52a8589af10f5f2f591bc1be756f5218179a0f92d046b05d72f461a017463

Download Submit
C:\Users\Admin\AppData\Local\Temp\libgcc_s_seh-1.dll

Filesize
1.2MB

MD5
556e0e99a9194ab9640ca1a1f9c1a09f

SHA1
f4178eefe609587c8ad84531696a88eec7fe45dc

SHA256
cb2bbca852fdd3503a64f5a84d8b4fac98ed2b4a069ef03ea4a628a52038c671

SHA512
69d457f2dffa010bff02f5bf9750aec7bf61d5fe6f3e1d404ab98441f6827719bc96d840f27d3a733a1cb0450afa0fc8f737462ed56e05226b2cd33c7e3654c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\libstdc++-6.dll

Filesize
1.6MB

MD5
f3ec497896122d570dd05b3703218f4c

SHA1
ffcd122f73a3aa401b3d4cd10a585cd941da56f1

SHA256
8a14153e5087362454fd858d411235a841284ee794e8530bfa05d5edae7da4b6

SHA512
9d4be2562c04876ed829e1ff97cb4d9f04458e7c1d57b5602d576c68f7561e3f1ec8a5cd68196b8e7966f414cfe4bde91b86fb1f304a3534d2f3829e313ae8ec

Download Submit
\Users\Admin\AppData\Local\Temp\libcurl-4.dll

Filesize
836KB

MD5
aeab40ed9a8e627ea7cefc1f5cf9bf7a

SHA1
5e2e8ca2881b9bf9edfa3c4fdcec6da1efa102d8

SHA256
218cfc4073bab4eddf0de0804f96b204687311e20a9e97994bff54c9b0e01ee9

SHA512
c0a67616fa01fdc351015212a718faf70da6612fbb3ec13da28dd7af9a507c56882fb7c3eea6fbc37d4d63b970157199d16d0756dbe3cb3bc2223e215cb104d8

Download Submit
\Users\Admin\AppData\Local\Temp\libgcc_s_seh-1.dll

Filesize
934KB

MD5
8ba5ac6fe92a06588cc74355185d9478

SHA1
ecec2c9150a4932a47e69f8931642a541e773d47

SHA256
d613b0c814e0721e6da371faadce89784ae8c3bb6c08629c532e413349610c8a

SHA512
9204a7212ece6a05e520e4ae987806ee1dcb9dfb6adfacf7ee47f151eab584b2b85947a0340d33630094232b4b0242cb6ada79c82d18d953e8f2f4608fbbf884

Download Submit
\Users\Admin\AppData\Local\Temp\libstdc++-6.dll

Filesize
1.0MB

MD5
d9d91a144e97fd14d1fc07cee57b8607

SHA1
ae1a0f8ebe5b089ed3a8f611d6e4db99d737328d

SHA256
6415d763346bc018b6d25072cac602989598d5cc26876ca862b1db3d314a5da4

SHA512
a6a10561e5b3841266688473b665b4189760febb911d8f9d0598c27929febbea9e441e9bf0e23969d603d81771574315bcbf715f82fc5d78c73a810ae095b36c

Download Submit
\Users\Admin\AppData\Local\Temp\libstdc++-6.dll

Filesize
1.4MB

MD5
8b15597b4659913a458b9eb8e01e4c57

SHA1
4e7ee80845c3ed412073f0eba922e03c37166fa8

SHA256
e93dd8c60c2f589a8ba108831821a1053ef2825014b7ca95c20ae155371cfc97

SHA512
c8cb99bb432f203ba9389a8582659e5c006aa9235dee7b1fdde25604e712bf3d18170e6359b06236d1c926f1b89e3ad27c8ee25693fd683a2c147fd97894a867

Download Submit
\Users\Admin\AppData\Local\Temp\libwinpthread-1.dll

Filesize
606KB

MD5
585efec1bc1d4d916a4402c9875dff75

SHA1
d209613666ccac9d0ddab29a3bc59aa00a0968fa

SHA256
2f9984c591a5654434c53e8b4d0c5c187f1fd0bab95247d5c9bc1c0bd60e6232

SHA512
b93163cba4601ed999a7a7d1887113792e846c36850c6d84f2d505727dc06524bb959469f9df12928769f4535dc6074a6b3599b788a4844353e466742ce1e770

Download Submit
memory/2964-5-0x0000000000400000-0x000000000393A000-memory.dmp

Filesize
53.2MB

Download
memory/4208-50-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/4208-6-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/4672-40-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4672-43-0x0000000061440000-0x000000006156B000-memory.dmp

Filesize
1.2MB

Download
memory/4672-42-0x000000006DEE0000-0x000000006DF78000-memory.dmp

Filesize
608KB

Download
memory/4672-44-0x0000000001030000-0x00000000028E5000-memory.dmp

Filesize
24.7MB

Download
memory/4672-45-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4672-41-0x0000000070800000-0x00000000708BC000-memory.dmp

Filesize
752KB

Download
memory/4672-56-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4672-61-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4672-66-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4672-71-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4672-81-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4672-86-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4672-91-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4672-101-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download