d7b14a7ca7a6acbef39017b57e6e7d477577fff2eb41215cbf535fe84e57daa2

Analysis

max time kernel
141s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 12:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BatToExe.exe
Size

1.6MB
MD5

da88bae6d39477fa8a83c0cba04207dc
SHA1

11892e991e615c5b8d8a6ae0796f1a38ecb31388
SHA256

d7b14a7ca7a6acbef39017b57e6e7d477577fff2eb41215cbf535fe84e57daa2
SHA512

bc8a2c0dea5b92358a54fd6f13d64c69c268f96f011d075ff6a47d81bcfb3ed420a9082e3d73bddf47c8dec110532a4dbb9d794411e4761f2b7d9a76ac2b3cb2
SSDEEP

49152:HUTsamVno337VeWgyR7NfO0xaD3UBUujknfROEjoV3ug9:HaSo7VegZfO0xaD3UBUujknZOEjoV3uy

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2892	Bat To Exe Converter.exe

Loads dropped DLL 1 IoCs

pid	Process
2892	Bat To Exe Converter.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2484-0-0x0000000000240000-0x00000000004A4000-memory.dmp	upx
behavioral2/files/0x00070000000233cd-12.dat	upx
behavioral2/memory/2892-14-0x0000000000400000-0x000000000060E000-memory.dmp	upx
behavioral2/memory/2484-23-0x0000000000240000-0x00000000004A4000-memory.dmp	upx
behavioral2/memory/2892-24-0x0000000000400000-0x000000000060E000-memory.dmp	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral2/memory/2484-23-0x0000000000240000-0x00000000004A4000-memory.dmp	autoit_exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 2892	2484	BatToExe.exe	82
PID 2484 wrote to memory of 2892	2484	BatToExe.exe	82
PID 2484 wrote to memory of 2892	2484	BatToExe.exe	82

C:\Users\Admin\AppData\Local\Temp\BatToExe.exe
"C:\Users\Admin\AppData\Local\Temp\BatToExe.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Users\Admin\AppData\Local\Temp\Bat To Exe Converter\Bat To Exe Converter.exe
  "C:\Users\Admin\AppData\Local\Temp\Bat To Exe Converter\Bat To Exe Converter.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4508.tmp\SciLexer.dll

Filesize
399KB

MD5
9092cc0fa27603c620df12b58c4c89df

SHA1
7b2e36fcf71aa8e20c3006a1ec001d50503a66e7

SHA256
6468cdf465b47c64ec621f548fff5e32ca24e21f50a331a17014f68006b12f0e

SHA512
a5a0d023cd06cc3b398b6929dfefb345d1ead3de54728b916e2c1c6a492a34ef610a0eedb55864b6f3d6f98fde2273223b4496a5a27b1b3ba87ba0baa6138419

Download Submit
C:\Users\Admin\AppData\Local\Temp\Bat To Exe Converter\Bat To Exe Converter.exe

Filesize
1002KB

MD5
7612b1f984753b010119bc23bd23d31f

SHA1
960e9ceeb21d01936f0871693b7ce6c846afcbf1

SHA256
5ca9d44f4d22389bb50fe0820f644235d7153a4c3508e06a99c59c1089e3eade

SHA512
84e7d88c3ec9b78c7aa19b18c275e8db8a962e6abee24359a6ccd2c18c94ed6a008be1755e59ceecc6d3fc82d017cf3ee26a0939c085f8d43bdbb92be5bca502

Download Submit
C:\Users\Admin\AppData\Local\Temp\Bat To Exe Converter\settings.ini

Filesize
244B

MD5
6edb7cd0ab09825f59d5e6ce5a29670e

SHA1
2e6843d0e16fa641dfc57670dac53bfa09ea7926

SHA256
d383782a6cdbdf4c41fbdf47e9269faf9ad1f7a2df61f52143b942bb2c35d6fd

SHA512
b7443706a8eeb508c58ac678e1db1110236842b068232215ba3e3e009ac0de03918116bde8dea9faabb78236b899c504444cb7e69e63a3afe5d97802dfeab8a1

Download Submit
memory/2484-0-0x0000000000240000-0x00000000004A4000-memory.dmp

Filesize
2.4MB

Download
memory/2484-23-0x0000000000240000-0x00000000004A4000-memory.dmp

Filesize
2.4MB

Download
memory/2892-14-0x0000000000400000-0x000000000060E000-memory.dmp

Filesize
2.1MB

Download
memory/2892-24-0x0000000000400000-0x000000000060E000-memory.dmp

Filesize
2.1MB

Download