55e326edd8ef12202de73dbc00c036fc01b17e808b3553080279f49946800eb3

General

Target

teamredminer-v0.3.4-win/teamredminer.exe
Size

6.7MB
MD5

cce80dbe14de96ca15817477b0ac8c03
SHA1

1824ea8e2d15183458e03d40605a097d32565f64
SHA256

f83e0cb2498d6a7044809bf234e29208b193022b2485a0695f2671e061a7272e
SHA512

d52713b297741a8f15092819b3a8f3e56651ce41ef86f29b484c0f9d4536b8b6cf763f88069a030f9a4995f2e2b8040a0c7a50e90c049483bc68933798219635

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

Processes:

teamredminer.exe

pid process

4328 teamredminer.exe
4328 teamredminer.exe
4328 teamredminer.exe

pid	process
4328	teamredminer.exe
4328	teamredminer.exe
4328	teamredminer.exe

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\ERR\Sandbox\done\9.89.79.69\local\modified\@SYSWOW64@\rat.exe	autoit_exe

Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

3168 4328 WerFault.exe teamredminer.exe
4544 4328 WerFault.exe teamredminer.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

teamredminer.exe

description pid process

Token: 33 4328 teamredminer.exe
Token: SeIncBasePriorityPrivilege 4328 teamredminer.exe
Suspicious use of UnmapMainImage 1 IoCs

Processes:

teamredminer.exe

pid process

4328 teamredminer.exe

pid	pid_target	process	target process
3168	4328	WerFault.exe	teamredminer.exe
4544	4328	WerFault.exe	teamredminer.exe

description	pid	process
Token: 33	4328	teamredminer.exe
Token: SeIncBasePriorityPrivilege	4328	teamredminer.exe

pid	process
4328	teamredminer.exe

C:\Users\Admin\AppData\Local\Temp\teamredminer-v0.3.4-win\teamredminer.exe
"C:\Users\Admin\AppData\Local\Temp\teamredminer-v0.3.4-win\teamredminer.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of UnmapMainImage
PID:4328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 1448
2⤵
- Program crash
PID:3168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 1448
2⤵
- Program crash
PID:4544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4328 -ip 4328
1⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4328 -ip 4328
1⤵
PID:3064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\ERR\Sandbox\done\9.89.79.69\local\modified\@SYSWOW64@\rat.exe
Filesize
4.9MB

MD5
0d46a5e73dc74ebc14753f25796be25d

SHA1
ce737d3ce162912f5a0d8b13db022595b36b889c

SHA256
1e1635f254c180f6c7205444a14251a8dfb299f872b70bd41c69db711c349c15

SHA512
e00e107d9f194eadaa2d383b634a3a580ba43400909643bcfa5c41e069ff21f8a4f0101c3a311e11485dc4bd132463dfc555dc45fc0917ab8fb9be8e6ec47e33

Download Submit
C:\Users\Admin\AppData\Local\ERR\Sandbox\done\9.89.79.69\local\temp\4328_74aa0000_tls.dll
Filesize
1024B

MD5
1f7c2f4856170686b6bdf51815166671

SHA1
2c8cd4b943add1c30fab136f9e10e35fcdd1d422

SHA256
a26e4f23032f00b2a80025c60d2cb48a0b206d984182e0807d00273107b926f4

SHA512
8151ae0d5393b3931aefcfba13ba6a85f4953a1adaa82c1da0cbdd96aec60dfafaff23accf98349a6fe38b3920a591460483eb4f527eb0b7c92d3fc9e402dd3d

Download Submit
C:\Users\Admin\AppData\Local\ERR\Sandbox\done\9.89.79.69\local\temp\4328_77410000_tls.dll
Filesize
1024B

MD5
f3ba3a13a3c56b814a57caebf3042fda

SHA1
63ec5c1df439e2a4ec9c6313c003b4de8fd69acf

SHA256
37450668b9e2e409334d9760a702a249bdc97ab4bb3f79df157f9796ea91f46b

SHA512
90637f80c82be135384453f03db4ae4c845d9819b6c424e900ce090892b34fc95ee24df3b334bbd6160f773ec98f09296ca0427250d06390f67a1e0f65a82049

Download Submit
memory/4328-131-0x0000000000FD0000-0x000000000131A000-memory.dmp

Filesize
3.3MB

Download
memory/4328-132-0x0000000000FD0000-0x000000000131A000-memory.dmp

Filesize
3.3MB

Download
memory/4328-133-0x0000000000FD0000-0x000000000131A000-memory.dmp

Filesize
3.3MB

Download
memory/4328-134-0x0000000000FD0000-0x000000000131A000-memory.dmp

Filesize
3.3MB

Download
memory/4328-135-0x0000000000FD0000-0x000000000131A000-memory.dmp

Filesize
3.3MB

Download
memory/4328-136-0x0000000000FD0000-0x000000000131A000-memory.dmp

Filesize
3.3MB

Download
memory/4328-137-0x0000000000FD0000-0x000000000131A000-memory.dmp

Filesize
3.3MB

Download
memory/4328-138-0x0000000000FD0000-0x000000000131A000-memory.dmp

Filesize
3.3MB

Download
memory/4328-141-0x0000000000FD0000-0x000000000131A000-memory.dmp

Filesize
3.3MB

Download
memory/4328-144-0x0000000000C80000-0x0000000000FC5000-memory.dmp

Filesize
3.3MB

Download
memory/4328-146-0x0000000075DE0000-0x0000000076393000-memory.dmp

Filesize
5.7MB

Download
memory/4328-147-0x0000000077DD0000-0x0000000077F73000-memory.dmp

Filesize
1.6MB

Download
memory/4328-157-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-162-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-161-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-168-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-176-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-182-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-183-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-181-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-186-0x0000000074AA0000-0x0000000074CB0000-memory.dmp

Filesize
2.1MB

Download
memory/4328-188-0x0000000074AA0000-0x0000000074CB0000-memory.dmp

Filesize
2.1MB

Download
memory/4328-191-0x0000000074AA0000-0x0000000074CB0000-memory.dmp

Filesize
2.1MB

Download
memory/4328-194-0x0000000074AA0000-0x0000000074CB0000-memory.dmp

Filesize
2.1MB

Download
memory/4328-193-0x0000000074AA0000-0x0000000074CB0000-memory.dmp

Filesize
2.1MB

Download
memory/4328-196-0x0000000074AA0000-0x0000000074CB0000-memory.dmp

Filesize
2.1MB

Download
memory/4328-197-0x0000000074AA0000-0x0000000074CB0000-memory.dmp

Filesize
2.1MB

Download
memory/4328-195-0x0000000074AA0000-0x0000000074CB0000-memory.dmp

Filesize
2.1MB

Download
memory/4328-192-0x0000000074AA0000-0x0000000074CB0000-memory.dmp

Filesize
2.1MB

Download
memory/4328-190-0x0000000074AA0000-0x0000000074CB0000-memory.dmp

Filesize
2.1MB

Download
memory/4328-189-0x0000000074AA0000-0x0000000074CB0000-memory.dmp

Filesize
2.1MB

Download
memory/4328-187-0x0000000074AA0000-0x0000000074CB0000-memory.dmp

Filesize
2.1MB

Download
memory/4328-199-0x0000000074AA0000-0x0000000074CB0000-memory.dmp

Filesize
2.1MB

Download
memory/4328-200-0x0000000074AA0000-0x0000000074CB0000-memory.dmp

Filesize
2.1MB

Download
memory/4328-202-0x0000000074AA0000-0x0000000074CB0000-memory.dmp

Filesize
2.1MB

Download
memory/4328-203-0x0000000074AA0000-0x0000000074CB0000-memory.dmp

Filesize
2.1MB

Download
memory/4328-204-0x0000000074AA0000-0x0000000074CB0000-memory.dmp

Filesize
2.1MB

Download
memory/4328-201-0x0000000074AA0000-0x0000000074CB0000-memory.dmp

Filesize
2.1MB

Download
memory/4328-198-0x0000000074AA0000-0x0000000074CB0000-memory.dmp

Filesize
2.1MB

Download
memory/4328-180-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-179-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-178-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-177-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-175-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-174-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-173-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-172-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-171-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-170-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-169-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-167-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-166-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-165-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-205-0x0000000074AA0000-0x0000000074CB0000-memory.dmp

Filesize
2.1MB

Download
memory/4328-164-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-163-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-160-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-159-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-158-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-156-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-155-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-154-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download
memory/4328-153-0x0000000074CE0000-0x0000000074D08000-memory.dmp

Filesize
160KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads