Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

batexe.exe

windows10-1703-x64

7

batexe.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    299s
  • max time network
    303s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-ja
  • resource tags

    arch:x64arch:x86image:win10-20240221-jalocale:ja-jpos:windows10-1703-x64systemwindows
  • submitted
    23/02/2024, 13:38 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    batexe.exe

  • Size

    9.4MB

  • MD5

    cdc9eacffc6d2bf43153815043064427

  • SHA1

    d05101f265f6ea87e18793ab0071f5c99edf363f

  • SHA256

    73cc2881ef511788661955a624db9baf40ac16bc63266c5c3bb3fe62b4856d72

  • SHA512

    fc6945957e160bf7059c936c329aae438e6c1521e5e43a8434f58058230d89e818eb6ff80331a4b952dbb600b8cc134ecba54e5641bf549723c98f85e993fde6

  • SSDEEP

    196608:ERAefrn9wcsTRAJgwusnWpV3h9XxSeEGaT+TKkGzySdUkI56kBIyky:E5Tn9YVwdnWLXxkvLlzkuv

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 5 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\batexe.exe
    "C:\Users\Admin\AppData\Local\Temp\batexe.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1428
    • C:\Users\Admin\AppData\Local\Temp\AEDD.tmp\b2e.exe
      "C:\Users\Admin\AppData\Local\Temp\AEDD.tmp\b2e.exe" C:\Users\Admin\AppData\Local\Temp\AEDD.tmp\b2e.exe C:\Users\Admin\AppData\Local\Temp "C:\Users\Admin\AppData\Local\Temp\batexe.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:1256
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\B2D5.tmp\batchfile.bat" "
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2784
        • C:\Users\Admin\AppData\Local\Temp\cpuminer-sse2.exe
          cpuminer-sse2.exe -a yespower -o stratum+tcp://yespower.sea.mine.zpool.ca:6234 --userpass=DJXKcu8iouhRppneQL9XbYQ9ovs87y4cYZ:c=doge -t 3
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:3744

Network

  • flag-us
    DNS
    yespower.sea.mine.zpool.ca
    cpuminer-sse2.exe
    Remote address:
    8.8.8.8:53
    Request
    yespower.sea.mine.zpool.ca
    IN A
    Response
    yespower.sea.mine.zpool.ca
    IN A
    198.50.168.213
  • flag-us
    DNS
    yespower.sea.mine.zpool.ca
    cpuminer-sse2.exe
    Remote address:
    8.8.8.8:53
    Request
    yespower.sea.mine.zpool.ca
    IN A
  • flag-us
    DNS
    213.168.50.198.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    213.168.50.198.in-addr.arpa
    IN PTR
    Response
    213.168.50.198.in-addr.arpa
    IN PTR
    minezpoolca
  • flag-us
    DNS
    19.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    23.173.189.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.173.189.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    25.140.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    25.140.123.92.in-addr.arpa
    IN PTR
    Response
    25.140.123.92.in-addr.arpa
    IN PTR
    a92-123-140-25deploystaticakamaitechnologiescom
  • 198.50.168.213:6234
    yespower.sea.mine.zpool.ca
    cpuminer-sse2.exe
    6.9kB
     9.0kB
     73
    76
  • 127.0.0.1:49817
    cpuminer-sse2.exe
  • 127.0.0.1:49819
    cpuminer-sse2.exe
  • 8.8.8.8:53
    yespower.sea.mine.zpool.ca
    dns
    cpuminer-sse2.exe
    144 B
     88 B
     2
    1

    DNS Request

    yespower.sea.mine.zpool.ca

    DNS Request

    yespower.sea.mine.zpool.ca

    DNS Response

    198.50.168.213

  • 8.8.8.8:53
    213.168.50.198.in-addr.arpa
    dns
    73 B
     100 B
     1
    1

    DNS Request

    213.168.50.198.in-addr.arpa

  • 8.8.8.8:53
    19.229.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    19.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    23.173.189.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    23.173.189.20.in-addr.arpa

  • 8.8.8.8:53
    25.140.123.92.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    25.140.123.92.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\AEDD.tmp\b2e.exe
    Filesize

    2.8MB

    MD5

    1cd1f1463362e82070bd38c1ad8de2d3

    SHA1

    02b59eedcca64d1bcdbebabb05228cd292c1fdde

    SHA256

    80c54200113264848b0a02dfef414bee7e1000ae8db116136fad1a6474d43e29

    SHA512

    f67290611bf4653411f513f696f93add280763b3da208f3ad6a5c2b171fde413daf0d6e4909a13d93a08eed4946e98332ba40d07e39ba686cf356da9d87c355f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AEDD.tmp\b2e.exe
    Filesize

    2.5MB

    MD5

    35ffee4e793de9e8635fb4a825da13d7

    SHA1

    33e645756e7bd58ca2b085febdd3abbfc9e0627a

    SHA256

    46ff93e4e4951c8f7bcd739c955a7175131da5abb67c7e57cf339265aa6f63ab

    SHA512

    edb5cff501f7558320ba7644d226753cdcee3b2ca390ccd5a218ec3442766aed66d82f12d4d20ce264c89bc1f3f155afc60ee6c2e58f024ff556f65662f3366a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\B2D5.tmp\batchfile.bat
    Filesize

    136B

    MD5

    8ea7ac72a10251ecfb42ef4a88bd330a

    SHA1

    c30f6af73a42c0cc89bd20fe95f9159d6f0756c5

    SHA256

    65e2674fc9b921a76deaf3740603359794c04e059e8937ab36eb931d65f40ec9

    SHA512

    a908979d588625aa24eb81238d07d88a56be5388e1265ebd2fe09889ed807aa9a4af77107e72a843c31acadbe06db0d7f6f6a3c95fb481a71e549e8eb74c2ff0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\cpuminer-sse2.exe
    Filesize

    128KB

    MD5

    87bb74a6790018700645a8310bb9a32a

    SHA1

    b0e3e91efa12e0df5ed4538d3b549ab5d9f6c16b

    SHA256

    ee6a846f1dcf082d5216bf314e65e1428af13ce54dfaaeb371d1c54f330c5298

    SHA512

    702e12a0858a1dd987d6a761f0ddc88fee9bce38be3d71f8c9be3fecc8cc6e88763967140f83caf4f2e10109ab95b811bb70bc70ff0b5cce8f0f32713ad3683b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\libgcc_s_seh-1.dll
    Filesize

    1.2MB

    MD5

    7cf672bee2afba2dcd0c031ff985958e

    SHA1

    6b82a205db080ffdcb4a4470fce85a14413f3217

    SHA256

    c82f84171b9246d1cac261100b2199789c96c37b03b375f33b2c72afab060b05

    SHA512

    3e90d1c1efe0200cb3cc7b51d04783a3cce8391faa6ce554cff8b23dac60be9f8e4f980a8ac005fd9dff8ea4bdcb02311f7649c5be28eb32dcc26417fc4090e5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\libstdc++-6.dll
    Filesize

    128KB

    MD5

    9746d1ac79c8b499d8b2224394581fa7

    SHA1

    36b1985eabfd8131ad9f2b7f69c903a3fce67629

    SHA256

    77941fbe96e0c797e6cf5419ee32bd3fcee69629cba37750146656a660c37182

    SHA512

    61a6174e2aced5b85cd614ad2f9d3da24c6b91e1fc04e10ff818222c4323cd043a59708bd35af0de84b004bf492fbc157d72907cd1e7ddf7082fc2a3563ef183

    Download Submit

  • \Users\Admin\AppData\Local\Temp\libcurl-4.dll
    Filesize

    836KB

    MD5

    aeab40ed9a8e627ea7cefc1f5cf9bf7a

    SHA1

    5e2e8ca2881b9bf9edfa3c4fdcec6da1efa102d8

    SHA256

    218cfc4073bab4eddf0de0804f96b204687311e20a9e97994bff54c9b0e01ee9

    SHA512

    c0a67616fa01fdc351015212a718faf70da6612fbb3ec13da28dd7af9a507c56882fb7c3eea6fbc37d4d63b970157199d16d0756dbe3cb3bc2223e215cb104d8

    Download Submit

  • \Users\Admin\AppData\Local\Temp\libgcc_s_seh-1.dll
    Filesize

    64KB

    MD5

    7fcedb6e973c5df3b6652a2afafa6a13

    SHA1

    116728803559ab58a8127544df80b75a0dd1c6d2

    SHA256

    fd7191afdecd35b78a0c0ca0457cbbf42ffda1e52263cd785abca5f047b18825

    SHA512

    05c86bf84079a2cc13dc7a1a917a0839ccd2b18e0440c4bd419c99f65c4161ac69a9447f56bdf6051b2fbbc49b7556fc3717432d0e293dfae2921c0701fe64fd

    Download Submit

  • \Users\Admin\AppData\Local\Temp\libstdc++-6.dll
    Filesize

    5.4MB

    MD5

    dbefe05d4f1077997e9b3986d16468cd

    SHA1

    6a4539202a5cc50450139045a465ec383ecc784f

    SHA256

    024f4bb4cf5a27bbc9bb527c496a162763eefd0ad511f4344449ec4ad00e367e

    SHA512

    d1a8b9a6b30611501dd0ee95fec23619d214521ba6b24bc887bfaa71d9291f2048ccfcba440aed74a5e8e60e1076f07ae73a17010ee0f4e7a287cdd17fcf7e1a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\libstdc++-6.dll
    Filesize

    5.1MB

    MD5

    a88372048aeb5e969e69f038273687b6

    SHA1

    7e836ade8c773d1589ac61962de7befbd2ada0af

    SHA256

    355ef2688cc32d5fc38f7d514c5290b1d5609b64f3e93bf7f1d0dc43987a2bd9

    SHA512

    5d2ba10b4afc505a5e091b468fabdf740d6e171abf688e2e933a2f70ceb6e7261f2cba0580f8f0e76bf4972e001fa90c03f4c3f31363c46e58a1e9ff2af8c9eb

    Download Submit

  • \Users\Admin\AppData\Local\Temp\libwinpthread-1.dll
    Filesize

    64KB

    MD5

    6cccf65bd7d7ff5b53aeb882e15c462c

    SHA1

    a9822b63ad70c6085ed1deda0fbe4bc5fe555f3d

    SHA256

    1379cd6111c2c37cf16f2dd9b325118513e85c35543ba45e79deb504dd4c01d2

    SHA512

    c174b5f8615131c2b86c57aee166744ee1fe02ff7c916195f2fde06684f467545a3fa4f88083335e2045d12727d774279dc8672ec352de3095b729aa5d1dedcb

    Download Submit

  • memory/1256-5-0x0000000000400000-0x0000000000405000-memory.dmp

    Filesize

    20KB

    Download

  • memory/1256-55-0x0000000000400000-0x0000000000405000-memory.dmp

    Filesize

    20KB

    Download

  • memory/1428-6-0x0000000000400000-0x000000000393A000-memory.dmp

    Filesize

    53.2MB

    Download

  • memory/3744-41-0x0000000070800000-0x00000000708BC000-memory.dmp

    Filesize

    752KB

    Download

  • memory/3744-56-0x0000000000400000-0x0000000000667000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/3744-42-0x0000000050730000-0x00000000507C8000-memory.dmp

    Filesize

    608KB

    Download

  • memory/3744-44-0x0000000001110000-0x00000000029C5000-memory.dmp

    Filesize

    24.7MB

    Download

  • memory/3744-45-0x0000000000400000-0x0000000000667000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/3744-50-0x0000000000400000-0x0000000000667000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/3744-40-0x0000000000400000-0x0000000000667000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/3744-43-0x0000000061440000-0x000000006156B000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/3744-61-0x0000000000400000-0x0000000000667000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/3744-71-0x0000000000400000-0x0000000000667000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/3744-76-0x0000000000400000-0x0000000000667000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/3744-81-0x0000000000400000-0x0000000000667000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/3744-86-0x0000000000400000-0x0000000000667000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/3744-96-0x0000000000400000-0x0000000000667000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/3744-101-0x0000000000400000-0x0000000000667000-memory.dmp

    Filesize

    2.4MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.