73cc2881ef511788661955a624db9baf40ac16bc63266c5c3bb3fe62b4856d72

Analysis

max time kernel
298s
max time network
306s
platform
windows10-1703_x64
resource
win10-20240221-ja
resource tags

arch:x64arch:x86image:win10-20240221-jalocale:ja-jpos:windows10-1703-x64systemwindows
submitted
23/02/2024, 05:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

batexe.exe
Size

9.4MB
MD5

cdc9eacffc6d2bf43153815043064427
SHA1

d05101f265f6ea87e18793ab0071f5c99edf363f
SHA256

73cc2881ef511788661955a624db9baf40ac16bc63266c5c3bb3fe62b4856d72
SHA512

fc6945957e160bf7059c936c329aae438e6c1521e5e43a8434f58058230d89e818eb6ff80331a4b952dbb600b8cc134ecba54e5641bf549723c98f85e993fde6
SSDEEP

196608:ERAefrn9wcsTRAJgwusnWpV3h9XxSeEGaT+TKkGzySdUkI56kBIyky:E5Tn9YVwdnWLXxkvLlzkuv

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
748	b2e.exe
4844	cpuminer-sse2.exe

Loads dropped DLL 5 IoCs

pid	Process
4844	cpuminer-sse2.exe
4844	cpuminer-sse2.exe
4844	cpuminer-sse2.exe
4844	cpuminer-sse2.exe
4844	cpuminer-sse2.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1016-5-0x0000000000400000-0x000000000393A000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1016 wrote to memory of 748	1016	batexe.exe	73
PID 1016 wrote to memory of 748	1016	batexe.exe	73
PID 1016 wrote to memory of 748	1016	batexe.exe	73
PID 748 wrote to memory of 4764	748	b2e.exe	74
PID 748 wrote to memory of 4764	748	b2e.exe	74
PID 748 wrote to memory of 4764	748	b2e.exe	74
PID 4764 wrote to memory of 4844	4764	cmd.exe	77
PID 4764 wrote to memory of 4844	4764	cmd.exe	77

C:\Users\Admin\AppData\Local\Temp\batexe.exe
"C:\Users\Admin\AppData\Local\Temp\batexe.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1016
- C:\Users\Admin\AppData\Local\Temp\93F3.tmp\b2e.exe
  "C:\Users\Admin\AppData\Local\Temp\93F3.tmp\b2e.exe" C:\Users\Admin\AppData\Local\Temp\93F3.tmp\b2e.exe C:\Users\Admin\AppData\Local\Temp "C:\Users\Admin\AppData\Local\Temp\batexe.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:748
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\97CB.tmp\batchfile.bat" "
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4764
  - - C:\Users\Admin\AppData\Local\Temp\cpuminer-sse2.exe
      cpuminer-sse2.exe -a yespower -o stratum+tcp://yespower.sea.mine.zpool.ca:6234 --userpass=DJXKcu8iouhRppneQL9XbYQ9ovs87y4cYZ:c=doge -t 3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\93F3.tmp\b2e.exe

Filesize
2.4MB

MD5
ee04099ca04456aa3ec3263fc8478095

SHA1
dc89b1634e0fff0e8203cfcfe26600eb97514e7d

SHA256
97d4085421fc14574d853c4bd8eef8f0a70aad1666fba5a51549d26abfc63dd3

SHA512
6bbcf992e0a1d670a0e861ceefcc03bec5cd5b1f9082ccd4324cca368665b135d63a332cf76bea1ffbadb409078c83d8f31c02141c6d1d053c7ceb937b68531e

Download Submit
C:\Users\Admin\AppData\Local\Temp\93F3.tmp\b2e.exe

Filesize
1024KB

MD5
55d3fcf113506e85b6cf485f08b11290

SHA1
539d601fdd7e37fe22412d8c73023e21293ac62c

SHA256
519083ea4de496637895b9c3dd7fa5d9fc1140325272570f09aa0d2bad46f2d3

SHA512
62c0dc6a36ef819eede73c8b041fbdf579ec0ae399654a73a4628555bb84c4e1fdcf314deb659f41986204e2d92acd886dd8735a24a150a309d4035b58a33ee4

Download Submit
C:\Users\Admin\AppData\Local\Temp\97CB.tmp\batchfile.bat

Filesize
136B

MD5
8ea7ac72a10251ecfb42ef4a88bd330a

SHA1
c30f6af73a42c0cc89bd20fe95f9159d6f0756c5

SHA256
65e2674fc9b921a76deaf3740603359794c04e059e8937ab36eb931d65f40ec9

SHA512
a908979d588625aa24eb81238d07d88a56be5388e1265ebd2fe09889ed807aa9a4af77107e72a843c31acadbe06db0d7f6f6a3c95fb481a71e549e8eb74c2ff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cpuminer-sse2.exe

Filesize
1.6MB

MD5
51a57c612d315cd4202df8e75c1013da

SHA1
e58bc6db0f4c9dd680e300cdc660210316ebcf19

SHA256
7652861f498ad81f347beb2197d0ecd193ddf5645d018e533e840c0765b22b8f

SHA512
cb9b55ca097de0bbec9360f7450cceee0d7c307feb81f59ef0b6caada1cf2862d494a52e3c8eb33a8d894be076298433dbe83ff936feea953c560accfcadb675

Download Submit
C:\Users\Admin\AppData\Local\Temp\cpuminer-sse2.exe

Filesize
928KB

MD5
0dfe45c928dea4dde121a7f6047d2e65

SHA1
1397c1b752006020274cd8c7ece5ac37f4e00ba3

SHA256
29bdcc6a1429f5ed001f21297ea001d6b52a27dfa7fa46699b636d1568f8f5d9

SHA512
cbee498d1980600c4eeabb32079a5c9cec07184c1d650ab2910341f5e681b9710a47a78d5c92f828914c67ccf4ba989077b0b789056cd9d81f9190fd2c97de58

Download Submit
C:\Users\Admin\AppData\Local\Temp\libcurl-4.dll

Filesize
836KB

MD5
aeab40ed9a8e627ea7cefc1f5cf9bf7a

SHA1
5e2e8ca2881b9bf9edfa3c4fdcec6da1efa102d8

SHA256
218cfc4073bab4eddf0de0804f96b204687311e20a9e97994bff54c9b0e01ee9

SHA512
c0a67616fa01fdc351015212a718faf70da6612fbb3ec13da28dd7af9a507c56882fb7c3eea6fbc37d4d63b970157199d16d0756dbe3cb3bc2223e215cb104d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\libgcc_s_seh-1.dll

Filesize
1024KB

MD5
c6151ba2a5a47dc2053b8becbd8a0b68

SHA1
1f6d6821cc72fdc279db6c9ac0a4fbeec236f2f3

SHA256
1e2b0b487fca221e8095a470e0aeadf8151b008c54ec5f4c7a5b30582d88b90e

SHA512
c4ad99b39c67ce00f245da976fbddf54d6171b8fc33a60fc2fdaeedbf7b8615085de99069dc087c6b1890ad7a7486f559a2412dac7ab0cd301fe24867ebc1d25

Download Submit
C:\Users\Admin\AppData\Local\Temp\libstdc++-6.dll

Filesize
1.4MB

MD5
2d32f83dda551589dbdd25c512b2a570

SHA1
71ebc54eabb38ec343e6109a20762ca76b39e9ad

SHA256
c33f8d2d07dedf0b5190947702c87e208ea3c60b2270deca2067b430dfcbb6ba

SHA512
ae6c8d433dd52d26073852e7d412a481603f5835bf52ff1c45f2f1ad87356fbb8a390e99f2d29cd5a3ce841a2ed6d26ec95a1e2cb2a8d45de097cf8e3da17949

Download Submit
C:\Users\Admin\AppData\Local\Temp\libwinpthread-1.dll

Filesize
606KB

MD5
585efec1bc1d4d916a4402c9875dff75

SHA1
d209613666ccac9d0ddab29a3bc59aa00a0968fa

SHA256
2f9984c591a5654434c53e8b4d0c5c187f1fd0bab95247d5c9bc1c0bd60e6232

SHA512
b93163cba4601ed999a7a7d1887113792e846c36850c6d84f2d505727dc06524bb959469f9df12928769f4535dc6074a6b3599b788a4844353e466742ce1e770

Download Submit
\Users\Admin\AppData\Local\Temp\libgcc_s_seh-1.dll

Filesize
1.0MB

MD5
eadf88396c17ad793e539709e8ce8c6d

SHA1
4821e2ddc715699f0f4514fb77af3e53b0fe27cd

SHA256
a14915e1f900da80411d1f3e0fee8674f452badccb46b382cc7ce897197eab2a

SHA512
5ac4ec993272fb7d470f48bbff919537df12bb525aca684865122a2f383584d4b807e079d6ff9612fa3878e9d8f3a263d1ae7bf0d33abe6e8fa5590c9c08598a

Download Submit
\Users\Admin\AppData\Local\Temp\libstdc++-6.dll

Filesize
879KB

MD5
410aada9d3b0e4292e8fbd224525aa01

SHA1
1a9efc8678aebf8b45cc8baf0b7dfe576fa3ea90

SHA256
641ebf3af8628c00290626a5479d7e80e74b1fb5acdcb14e8849063e42ae6e9f

SHA512
a070c88d26ebe251cb84da149015af058efb75aabd242ca295e63bc85c5535a2b26837d936323dffa60ac87304eed8407fa598cdd4738fabc771234f67df0297

Download Submit
\Users\Admin\AppData\Local\Temp\libstdc++-6.dll

Filesize
955KB

MD5
4def448c824e0e7780f0eafd44a74d25

SHA1
9802d7faffa9672f39f0553fafe4bc1a1203bcfd

SHA256
d464f2a5bce250fdc26b1f86adb5382953159f0a669db20540c4be23a34b0165

SHA512
593438f71c3a74122fd4b09ee0165ee4702bf040219ea2543de1d6f2e72c7d5ecf4547f5d774968b6d57d4438eef78773619bb6918b1e0039aaec32cc3ace824

Download Submit
memory/748-50-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/748-4-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/1016-5-0x0000000000400000-0x000000000393A000-memory.dmp

Filesize
53.2MB

Download
memory/4844-43-0x000000006B1A0000-0x000000006B238000-memory.dmp

Filesize
608KB

Download
memory/4844-56-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4844-41-0x0000000070800000-0x00000000708BC000-memory.dmp

Filesize
752KB

Download
memory/4844-44-0x0000000000F40000-0x00000000027F5000-memory.dmp

Filesize
24.7MB

Download
memory/4844-45-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4844-47-0x0000000061440000-0x000000006156B000-memory.dmp

Filesize
1.2MB

Download
memory/4844-40-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4844-42-0x0000000061440000-0x000000006156B000-memory.dmp

Filesize
1.2MB

Download
memory/4844-61-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4844-66-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4844-76-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4844-81-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4844-91-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4844-96-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download
memory/4844-101-0x0000000000400000-0x0000000000667000-memory.dmp

Filesize
2.4MB

Download