73cc2881ef511788661955a624db9baf40ac16bc63266c5c3bb3fe62b4856d72

Analysis

max time kernel
293s
max time network
301s
platform
windows10-1703_x64
resource
win10-20231220-ja
resource tags

arch:x64arch:x86image:win10-20231220-jalocale:ja-jpos:windows10-1703-x64systemwindows
submitted
13/02/2024, 07:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

batexe.exe
Size

9.4MB
MD5

cdc9eacffc6d2bf43153815043064427
SHA1

d05101f265f6ea87e18793ab0071f5c99edf363f
SHA256

73cc2881ef511788661955a624db9baf40ac16bc63266c5c3bb3fe62b4856d72
SHA512

fc6945957e160bf7059c936c329aae438e6c1521e5e43a8434f58058230d89e818eb6ff80331a4b952dbb600b8cc134ecba54e5641bf549723c98f85e993fde6
SSDEEP

196608:ERAefrn9wcsTRAJgwusnWpV3h9XxSeEGaT+TKkGzySdUkI56kBIyky:E5Tn9YVwdnWLXxkvLlzkuv

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4448	b2e.exe
2892	cpuminer-sse2.exe

Loads dropped DLL 5 IoCs

pid	Process
2892	cpuminer-sse2.exe
2892	cpuminer-sse2.exe
2892	cpuminer-sse2.exe
2892	cpuminer-sse2.exe
2892	cpuminer-sse2.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2348-5-0x0000000000400000-0x000000000393A000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 4448	2348	batexe.exe	39
PID 2348 wrote to memory of 4448	2348	batexe.exe	39
PID 2348 wrote to memory of 4448	2348	batexe.exe	39
PID 4448 wrote to memory of 3268	4448	b2e.exe	53
PID 4448 wrote to memory of 3268	4448	b2e.exe	53
PID 4448 wrote to memory of 3268	4448	b2e.exe	53
PID 3268 wrote to memory of 2892	3268	cmd.exe	51
PID 3268 wrote to memory of 2892	3268	cmd.exe	51

C:\Users\Admin\AppData\Local\Temp\batexe.exe
"C:\Users\Admin\AppData\Local\Temp\batexe.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Users\Admin\AppData\Local\Temp\9337.tmp\b2e.exe
  "C:\Users\Admin\AppData\Local\Temp\9337.tmp\b2e.exe" C:\Users\Admin\AppData\Local\Temp\9337.tmp\b2e.exe C:\Users\Admin\AppData\Local\Temp "C:\Users\Admin\AppData\Local\Temp\batexe.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4448
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\951C.tmp\batchfile.bat" "
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3268

C:\Users\Admin\AppData\Local\Temp\cpuminer-sse2.exe
cpuminer-sse2.exe -a yespower -o stratum+tcp://yespower.sea.mine.zpool.ca:6234 --userpass=DJXKcu8iouhRppneQL9XbYQ9ovs87y4cYZ:c=doge -t 3
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\9337.tmp\b2e.exe

Filesize
355KB

MD5
e88364659d153c4c6875159f4e3edef6

SHA1
4cbca5c28781ceb23e3ffd889443204ba7e71041

SHA256
9c1696ee37c02fe61410049915a97b3a0f67c3fd35eec94048d29bedbc281f62

SHA512
22a4c9bab84c42518e8a9bdec8bc9737518584cee2fa1889df94d634339f3c735cb02ac09df285cf16a76db39a0ad9478d6cc35f74121c2e68988f3c879dacaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\9337.tmp\b2e.exe

Filesize
435KB

MD5
b55e1900845add9155a86978b8747e66

SHA1
08d8a32fd53bf403ab57aa5d1eb032fa242d046e

SHA256
6ee85a6943ecc5e2783382913479e0b16dd62398c7031a537e4f5a46af0fe9d5

SHA512
610b4ce48a9f3c4a1cb75e1b32e7e1b0ce5d7909aa947665d30f7393675e44310cf50136e2d9e4c043c32383867e61a7c0ddcf54801d3b5289f3eaa87b608ad7

Download Submit
C:\Users\Admin\AppData\Local\Temp\951C.tmp\batchfile.bat

Filesize
136B

MD5
8ea7ac72a10251ecfb42ef4a88bd330a

SHA1
c30f6af73a42c0cc89bd20fe95f9159d6f0756c5

SHA256
65e2674fc9b921a76deaf3740603359794c04e059e8937ab36eb931d65f40ec9

SHA512
a908979d588625aa24eb81238d07d88a56be5388e1265ebd2fe09889ed807aa9a4af77107e72a843c31acadbe06db0d7f6f6a3c95fb481a71e549e8eb74c2ff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cpuminer-sse2.exe

Filesize
349KB

MD5
3b2a0ee66595ce5cc05c340f4178ba96

SHA1
63181b8a5715343e1e0c78908b293508fd83a5dd

SHA256
cdcb9a07a27d2ca048047b7a183ba5fcd5f2a4287bcc9c52f0919d15bad3e076

SHA512
4637d8424ef1e2b8c89b5b40409bb1c2f2c923e48abbe83675850a0a05a7d498f67635bc0f0ad698b9b594e82620289e41a9f4549f7cdef1933c92cfa3e23ab0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cpuminer-sse2.exe

Filesize
286KB

MD5
46743aaf2d5a417a062c552a2d354cae

SHA1
4e3c484b52f0e193c2728a1b019cf5f146fd37e6

SHA256
e35426c715b61bf3c90d91dece68b122529ad80fcff9c5659e1832c23e562b3a

SHA512
6dd8ebee4b4b710c89da010d2bb3a5c15e01ba1f96e911fb8ec18738ac88bde13773ce7c0674ca0210dbb5ae6d33dc915d6b09e3e3905ca64bab556023b403ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\libcurl-4.dll

Filesize
260KB

MD5
96a2306f1fce6b8c407f9e2566a5fc05

SHA1
11e64005ceb7cc4c5154e62503fe8daa1b98501b

SHA256
784c10489e0bcd09d156179c349f258d8980481d9274e1c684f04ddfdbf0b46e

SHA512
a821cf85b3e888a46514859b659fe086140299be967c9f31201f37acb1cfbac2164ce935809cc0878b0e386abf5f15e10b0a9889a324648c701f59ee3a1943ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\libgcc_s_seh-1.dll

Filesize
328KB

MD5
f2061ef24b6df7c7dec2ba941ca22f44

SHA1
794172b5b1ece61487df40eccd2a8cb8c519d655

SHA256
958054dccf785675f26fa8ead9091bf5f720ba9d8eacbf95cfd880e5b4c305ab

SHA512
d49fe7c5079b50d29bd916fff3d75d46266ada42d1a1c5358e9524affc5967aee9df68888ca59b9adbbf37cb4f55c8f8aa3992154797308bd9aaea477cf956e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\libstdc++-6.dll

Filesize
275KB

MD5
bc95d14a2e9afa3b4d5ba7be6caae648

SHA1
186addffed01eaa9f9b8869c5eabe25db20e8f1e

SHA256
b2ea3f2fde4c2b59e8496da8359fb21b332ada4daf6a6e39f9901fb9829a33ea

SHA512
5ebd55a1fe1e173f66ca60d7689f7745686ed36b241f365f950fe2680e597ae93edb311552551969c8cc3e0041d92c7ff0aaf9b6b91c8be8aee2ca0c66daf17c

Download Submit
C:\Users\Admin\AppData\Local\Temp\libwinpthread-1.dll

Filesize
234KB

MD5
c4b41effa3dff39b555a58fbb848daf2

SHA1
56798d75a3b6da86311c1cc252e40e2e3a3afe4e

SHA256
7ce1578da88968966ec0dfdee202532c993dea232367d180daaa56307bcc2fdf

SHA512
82680cc34c69a30fb081fd1f27dcc01e4e0fbe7f28d054959f46412c446ba744b6eee84037e2ea756672d3c2c5f8a713f3b3de9d8987fc0697072b318f898892

Download Submit
\Users\Admin\AppData\Local\Temp\libcurl-4.dll

Filesize
351KB

MD5
738b3a065cf1798e4792758533704028

SHA1
ebf34b1fc6df61a8bfcbb8851b434f409cacfef5

SHA256
4a39bca004b34bf43bc4d03d2b74985413ba866965aaf9c1ca698c9cf8e3c662

SHA512
b4d6bebc1aa6649ea28b539df2ece476bcb82b4aa152f95cff4319f3855dc1427b95dde25bd685efe283c72d0413b07e4e3bab445727e492a9df5f68d9e5b5e5

Download Submit
\Users\Admin\AppData\Local\Temp\libgcc_s_seh-1.dll

Filesize
333KB

MD5
adc6f77a6f295c2de29b8a05185be4bf

SHA1
bb844aac890db06f8605968e3a07cde269cc5dd0

SHA256
f05795c93b24cb41f778fa9e0fdca410c8101ca16fc13edd0904886e237a8c99

SHA512
f8732aedf5d1b4e6d5473bfb728dd67b829497678d144f831457eba220c71d07501deafaaae25707577dec439d9f9accccf6c0fa93aa88ea10a16001e1a328ce

Download Submit
\Users\Admin\AppData\Local\Temp\libstdc++-6.dll

Filesize
290KB

MD5
bcde67c2f0a477696b1c0241e07ded1b

SHA1
335edec06342779857ae3efced2cfa197f262e5d

SHA256
c0ff7367afc498bf125e623a5e5fa92a0cff4800eef6e88b2e40200c7b2def77

SHA512
5d63216372b3f27a7320aa02ab8ec1d8f9bf7a489601cb865012c04e0f5c82896313b9a84f865cbf5b09d5eeffdd0b81cec74f3d8c9f6fee884f659824be71e6

Download Submit
\Users\Admin\AppData\Local\Temp\libstdc++-6.dll

Filesize
249KB

MD5
86ffadde930bea9610b3e3dd835f3b4f

SHA1
8b21f4e4054119af07cecb58a79940c6e3536ece

SHA256
a534979641372f3eab8f0543c207075fd4e2fb21b1c05710de94f9e5d51c6263

SHA512
146b8aa9b6757f27028ed8cfb563994f5346fd6459738fba658fa7a91d5527fcb167c323165ce2df5f126946502f966acf115647399a16bea606097cc8377236

Download Submit
\Users\Admin\AppData\Local\Temp\libwinpthread-1.dll

Filesize
214KB

MD5
528c42230ccfb22c1e57174e9e6cba01

SHA1
1d0e7c6c498251573b8947daca8b0419b67d51b2

SHA256
4e8dab94302b0b76c5484d4c8e38d18e666ac37ac7c8893a58d777f7b397c28b

SHA512
19f0097968668b6c0511f85f111f0025198e4f54e5715c48f8308f16944386ec163a6e1d9b17fa6510040dbcdc90f2d923199c18f38b6ba9495efbb7ce1bfb61

Download Submit
memory/2348-5-0x0000000000400000-0x000000000393A000-memory.dmp

Filesize
53.2MB

Download
memory/2892-42-0x0000000061440000-0x000000006156B000-memory.dmp

Filesize
1.2MB

Download
memory/2892-56-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/2892-43-0x0000000060D70000-0x0000000060E08000-memory.dmp

Filesize
608KB

Download
memory/2892-41-0x0000000070800000-0x00000000708BC000-memory.dmp

Filesize
752KB

Download
memory/2892-40-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/2892-44-0x0000000001080000-0x0000000002935000-memory.dmp

Filesize
24.7MB

Download
memory/2892-45-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/2892-101-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/2892-51-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/2892-96-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/2892-61-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/2892-66-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/2892-71-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/2892-76-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/2892-81-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4448-6-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/4448-50-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download