55e326edd8ef12202de73dbc00c036fc01b17e808b3553080279f49946800eb3

General

Target

teamredminer-v0.3.4-win/start_phi2.bat
Size

927B
MD5

2f5b96aaa09dae557f546301a20f9dfb
SHA1

8c230a96d946d347689b0edb255b24d7182c7cc7
SHA256

5b8b3795c0b2f91f0521de9f26588b0a2dc314e2a74ec73609ff8b8d14dfe6b8
SHA512

b608ffb452e93f621f1c4422a24909ffcf2ab0008377abd4873f13bbb567f4ffd652d2b2dec525c12473b61b54125bc232e4ca545d6bbcfa9c7c4126288ae7cd

Score

9^/10

miner

Malware Config

Signatures

Detected Stratum cryptominer command
Looks to be attempting to contact Stratum mining pool.
miner
Loads dropped DLL 3 IoCs

Processes:

teamredminer.exe

pid process

3752 teamredminer.exe
3752 teamredminer.exe
3752 teamredminer.exe

pid	process
3752	teamredminer.exe
3752	teamredminer.exe
3752	teamredminer.exe

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\ERR\Sandbox\done\9.89.79.69\local\modified\@SYSWOW64@\rat.exe	autoit_exe

Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

660 3752 WerFault.exe teamredminer.exe
904 3752 WerFault.exe teamredminer.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

teamredminer.exe

description pid process

Token: 33 3752 teamredminer.exe
Token: SeIncBasePriorityPrivilege 3752 teamredminer.exe
Suspicious use of UnmapMainImage 1 IoCs

Processes:

teamredminer.exe

pid process

3752 teamredminer.exe

pid	pid_target	process	target process
660	3752	WerFault.exe	teamredminer.exe
904	3752	WerFault.exe	teamredminer.exe

description	pid	process
Token: 33	3752	teamredminer.exe
Token: SeIncBasePriorityPrivilege	3752	teamredminer.exe

pid	process
3752	teamredminer.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 2636 wrote to memory of 3752	2636	cmd.exe	teamredminer.exe
PID 2636 wrote to memory of 3752	2636	cmd.exe	teamredminer.exe
PID 2636 wrote to memory of 3752	2636	cmd.exe	teamredminer.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\teamredminer-v0.3.4-win\start_phi2.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2636

C:\Users\Admin\AppData\Local\Temp\teamredminer-v0.3.4-win\teamredminer.exe
teamredminer.exe -a phi2 -o stratum+tcp://lux.pickaxe.pro:8332 -u LhreQGewLdoGFiqq882Am6i644Qc1h28Wh
2⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of UnmapMainImage
PID:3752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 1300
3⤵
- Program crash
PID:660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 1300
3⤵
- Program crash
PID:904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3752 -ip 3752
1⤵
PID:2300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 3752 -ip 3752
1⤵
PID:1484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\ERR\Sandbox\done\9.89.79.69\local\modified\@SYSWOW64@\rat.exe
Filesize
4.9MB

MD5
0d46a5e73dc74ebc14753f25796be25d

SHA1
ce737d3ce162912f5a0d8b13db022595b36b889c

SHA256
1e1635f254c180f6c7205444a14251a8dfb299f872b70bd41c69db711c349c15

SHA512
e00e107d9f194eadaa2d383b634a3a580ba43400909643bcfa5c41e069ff21f8a4f0101c3a311e11485dc4bd132463dfc555dc45fc0917ab8fb9be8e6ec47e33

Download Submit
C:\Users\Admin\AppData\Local\ERR\Sandbox\done\9.89.79.69\local\temp\3752_748a0000_tls.dll
Filesize
1024B

MD5
df07fdf0d137e7d347c793e0d4ee5a55

SHA1
8cf6824806bd17ed7ac73949e5ea0a6646458be4

SHA256
71d783db4a6f554df408825734e014587498b5f47b68833470d4c97418cbc22a

SHA512
6e9526d511814a523e6ae28539e739ec4efe7dee905a1b1f5663d0e72a0914ee62826e8278a14c60107cf7369a96fec68bbd9a942fb64b463da32c2a08ac9191

Download Submit
C:\Users\Admin\AppData\Local\ERR\Sandbox\done\9.89.79.69\local\temp\3752_77960000_tls.dll
Filesize
1024B

MD5
6f000067d6547b9bfaeb2e377ee98e42

SHA1
9ac914c2e7b38f748e1b09afb40bfd9629f95e9c

SHA256
53064feea8cadd819a2205a6e061f1eb191305ac7ff8aa64b4ca3a5ab3160d8c

SHA512
b3e7ad98643cf8f4e6c3ea59c9c893ab6be2d80d5d39e09e6704295886e1db71184ae04b70a984a8ba744e12a0df6f47db96b2d9e32284000e5040f3b18de372

Download Submit
memory/3752-130-0x0000000000000000-mapping.dmp

Download
memory/3752-133-0x0000000000FD0000-0x000000000131A000-memory.dmp

Filesize
3.3MB

Download
memory/3752-132-0x0000000000FD0000-0x000000000131A000-memory.dmp

Filesize
3.3MB

Download
memory/3752-134-0x0000000000FD0000-0x000000000131A000-memory.dmp

Filesize
3.3MB

Download
memory/3752-135-0x0000000000FD0000-0x000000000131A000-memory.dmp

Filesize
3.3MB

Download
memory/3752-136-0x0000000000FD0000-0x000000000131A000-memory.dmp

Filesize
3.3MB

Download
memory/3752-137-0x0000000000FD0000-0x000000000131A000-memory.dmp

Filesize
3.3MB

Download
memory/3752-138-0x0000000000FD0000-0x000000000131A000-memory.dmp

Filesize
3.3MB

Download
memory/3752-140-0x0000000000FD0000-0x000000000131A000-memory.dmp

Filesize
3.3MB

Download
memory/3752-142-0x0000000000FD0000-0x000000000131A000-memory.dmp

Filesize
3.3MB

Download
memory/3752-145-0x00000000001C0000-0x00000000001C2000-memory.dmp

Filesize
8KB

Download
memory/3752-146-0x0000000000C80000-0x0000000000FC5000-memory.dmp

Filesize
3.3MB

Download
memory/3752-148-0x0000000076CC0000-0x0000000077273000-memory.dmp

Filesize
5.7MB

Download
memory/3752-149-0x0000000077BD0000-0x0000000077D73000-memory.dmp

Filesize
1.6MB

Download
memory/3752-161-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-162-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-173-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-177-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-180-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-185-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-184-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-183-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-189-0x00000000748A0000-0x0000000074AB0000-memory.dmp

Filesize
2.1MB

Download
memory/3752-191-0x00000000748A0000-0x0000000074AB0000-memory.dmp

Filesize
2.1MB

Download
memory/3752-192-0x00000000748A0000-0x0000000074AB0000-memory.dmp

Filesize
2.1MB

Download
memory/3752-190-0x00000000748A0000-0x0000000074AB0000-memory.dmp

Filesize
2.1MB

Download
memory/3752-188-0x00000000748A0000-0x0000000074AB0000-memory.dmp

Filesize
2.1MB

Download
memory/3752-182-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-193-0x00000000748A0000-0x0000000074AB0000-memory.dmp

Filesize
2.1MB

Download
memory/3752-181-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-179-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-178-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-196-0x00000000748A0000-0x0000000074AB0000-memory.dmp

Filesize
2.1MB

Download
memory/3752-198-0x00000000748A0000-0x0000000074AB0000-memory.dmp

Filesize
2.1MB

Download
memory/3752-200-0x00000000748A0000-0x0000000074AB0000-memory.dmp

Filesize
2.1MB

Download
memory/3752-203-0x00000000748A0000-0x0000000074AB0000-memory.dmp

Filesize
2.1MB

Download
memory/3752-205-0x00000000748A0000-0x0000000074AB0000-memory.dmp

Filesize
2.1MB

Download
memory/3752-206-0x00000000748A0000-0x0000000074AB0000-memory.dmp

Filesize
2.1MB

Download
memory/3752-204-0x00000000748A0000-0x0000000074AB0000-memory.dmp

Filesize
2.1MB

Download
memory/3752-202-0x00000000748A0000-0x0000000074AB0000-memory.dmp

Filesize
2.1MB

Download
memory/3752-201-0x00000000748A0000-0x0000000074AB0000-memory.dmp

Filesize
2.1MB

Download
memory/3752-199-0x00000000748A0000-0x0000000074AB0000-memory.dmp

Filesize
2.1MB

Download
memory/3752-197-0x00000000748A0000-0x0000000074AB0000-memory.dmp

Filesize
2.1MB

Download
memory/3752-195-0x00000000748A0000-0x0000000074AB0000-memory.dmp

Filesize
2.1MB

Download
memory/3752-194-0x00000000748A0000-0x0000000074AB0000-memory.dmp

Filesize
2.1MB

Download
memory/3752-176-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-175-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-174-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-172-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-171-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-170-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-169-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-168-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-167-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-166-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-165-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-164-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-163-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-160-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-159-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-158-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-157-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-156-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download
memory/3752-155-0x0000000074AE0000-0x0000000074B08000-memory.dmp

Filesize
160KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads