Analysis

max time kernel: 143s
max time network: 161s
platform: windows10_x64
resource: win10v20210408
submitted: 15-05-2021 00:07

Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: 7a9c574a3ef86ab174cc3a48f6b000d1.exe
  Resource: win7v20210408
  0 signatures, 0 seconds
General

Target: 7a9c574a3ef86ab174cc3a48f6b000d1.exe
Size: 1.3MB
MD5: 7a9c574a3ef86ab174cc3a48f6b000d1
SHA1: 4d7ceacb8b4685dc6826ab01a05449340befced7
SHA256: 24b335b5bb52f65a242f90c1f10fe171a1a4b38214a192c387529aa69280ab60
SHA512: 4df2deaa71064671c14f316e3a4afa4517ccacde62728628eed66691ff6e12c85aefd9257cce9bc35778371f93edec05e9d45ecdd4e5e8e1c4325f013d863f86
Malware Config
Signatures

Taurus Stealer Payload (3 IoCs)
Processes:
resource                                                                      yara_rule
behavioral2/memory/212-124-0x0000000000400000-0x000000000043A000-memory.dmp   family_taurus_stealer
behavioral2/memory/212-125-0x000000000041EC63-mapping.dmp                     family_taurus_stealer
behavioral2/memory/212-126-0x0000000000400000-0x000000000043A000-memory.dmp   family_taurus_stealer

Suspicious use of SetThreadContext (1 IoC)
Processes:
description                          pid   process                                 target process
PID 668 set thread context of 212    668   7a9c574a3ef86ab174cc3a48f6b000d1.exe    RegSvcs.exe

Suspicious use of WriteProcessMemory (9 IoCs)
Processes:
description                          pid   process                                 target process
PID 668 wrote to memory of 212       668   7a9c574a3ef86ab174cc3a48f6b000d1.exe    RegSvcs.exe
PID 668 wrote to memory of 212       668   7a9c574a3ef86ab174cc3a48f6b000d1.exe    RegSvcs.exe
PID 668 wrote to memory of 212       668   7a9c574a3ef86ab174cc3a48f6b000d1.exe    RegSvcs.exe
PID 668 wrote to memory of 212       668   7a9c574a3ef86ab174cc3a48f6b000d1.exe    RegSvcs.exe
PID 668 wrote to memory of 212       668   7a9c574a3ef86ab174cc3a48f6b000d1.exe    RegSvcs.exe
PID 668 wrote to memory of 212       668   7a9c574a3ef86ab174cc3a48f6b000d1.exe    RegSvcs.exe
PID 668 wrote to memory of 212       668   7a9c574a3ef86ab174cc3a48f6b000d1.exe    RegSvcs.exe
PID 668 wrote to memory of 212       668   7a9c574a3ef86ab174cc3a48f6b000d1.exe    RegSvcs.exe
PID 668 wrote to memory of 212       668   7a9c574a3ef86ab174cc3a48f6b000d1.exe    RegSvcs.exe
Processes

1. C:\Users\Admin\AppData\Local\Temp\7a9c574a3ef86ab174cc3a48f6b000d1.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\7a9c574a3ef86ab174cc3a48f6b000d1.exe"
   PID: 668
   - Suspicious use of SetThreadContext
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      Command line: "{path}"
      PID: 212
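Read together, the signatures above describe one sequence: PID 668 (the dropper) writes into PID 212 nine times, then sets the thread context of PID 212, and the Taurus Stealer YARA rule matches the memory of PID 212 (the signed .NET host RegSvcs.exe), not the dropper. Either API call alone is common in benign software; the pair, aimed at a freshly spawned host, is consistent with process hollowing, and the decoded stealer lives in the host's 0x400000-0x43A000 region. The following is an added example, not part of the sandbox report: it parses the event and YARA rows exactly as the report prints them, correlates them per (source PID, target PID), and only raises a verdict when writes, a SetThreadContext and a known host image coincide. The `HOLLOWING_HOSTS` list and the `analyse`/`hollowing_verdicts` helper names are this example's own assumptions; the sample input is constructed from the rows above.

```python
import re
from dataclasses import dataclass, field

# Constructed input: the process-event rows and YARA memory-dump hits from the
# report above, one per line, in the sandbox's flattened column order.
PROCESS_EVENTS = (
    "PID 668 set thread context of 212 668 7a9c574a3ef86ab174cc3a48f6b000d1.exe RegSvcs.exe\n"
    + "PID 668 wrote to memory of 212 668 7a9c574a3ef86ab174cc3a48f6b000d1.exe RegSvcs.exe\n" * 9
)
YARA_HITS = """\
behavioral2/memory/212-124-0x0000000000400000-0x000000000043A000-memory.dmp family_taurus_stealer
behavioral2/memory/212-125-0x000000000041EC63-mapping.dmp family_taurus_stealer
behavioral2/memory/212-126-0x0000000000400000-0x000000000043A000-memory.dmp family_taurus_stealer
"""

EVENT_RE = re.compile(
    r"^PID (?P<src>\d+) (?P<action>set thread context of|wrote to memory of) "
    r"(?P<dst>\d+) (?P<pid>\d+) (?P<src_img>\S+) (?P<dst_img>\S+)$")
YARA_RE = re.compile(
    r"^\S+/memory/(?P<pid>\d+)-\d+-(?P<start>0x[0-9A-Fa-f]+)"
    r"(?:-(?P<end>0x[0-9A-Fa-f]+))?-(?:memory|mapping)\.dmp\s+(?P<rule>\S+)$")

# Assumption for this example (not from the report): analyst-maintained list of
# signed .NET/SDK binaries that are routinely picked as hollowing hosts.
HOLLOWING_HOSTS = {
    "regsvcs.exe", "regasm.exe", "msbuild.exe", "installutil.exe",
    "aspnet_compiler.exe", "vbc.exe", "csc.exe",
}

@dataclass
class InjectionPair:
    source_image: str
    target_image: str
    writes: int = 0
    thread_context_sets: int = 0
    yara_rules: set = field(default_factory=set)
    regions: list = field(default_factory=list)   # (start, end or None)

def parse_events(text):
    """Group WriteProcessMemory / SetThreadContext rows by (source PID, target PID)."""
    pairs = {}
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        key = (int(m["src"]), int(m["dst"]))
        if int(m["pid"]) != key[0]:
            continue   # the pid column must repeat the acting PID; drop malformed rows
        pair = pairs.setdefault(key, InjectionPair(m["src_img"], m["dst_img"]))
        if m["action"].startswith("wrote"):
            pair.writes += 1
        else:
            pair.thread_context_sets += 1
    return pairs

def attach_yara(pairs, text):
    """Attribute memory-dump YARA hits to the injected (target) side of each pair."""
    for line in text.splitlines():
        m = YARA_RE.match(line.strip())
        if not m:
            continue
        pid = int(m["pid"])
        start = int(m["start"], 16)
        end = int(m["end"], 16) if m["end"] else None
        for (_, dst), pair in pairs.items():
            if dst == pid:
                pair.yara_rules.add(m["rule"])
                pair.regions.append((start, end))

def hollowing_verdicts(pairs):
    """Flag a pair only when the parent both wrote into and set the thread context
    of a known host image: the combination, not either call alone, is the signal."""
    verdicts = []
    for (src, dst), p in sorted(pairs.items()):
        if not (p.writes and p.thread_context_sets):
            continue
        if p.target_image.lower() not in HOLLOWING_HOSTS:
            continue
        spans = [(s, e) for s, e in p.regions if e is not None]
        verdicts.append({
            "source_pid": src, "source_image": p.source_image,
            "target_pid": dst, "target_image": p.target_image,
            "writes": p.writes,
            "families": sorted(p.yara_rules),
            # largest dumped span: where the unpacked payload sits inside the host
            "payload_span": max(spans, key=lambda r: r[1] - r[0]) if spans else None,
        })
    return verdicts

def analyse(events=PROCESS_EVENTS, yara=YARA_HITS):
    pairs = parse_events(events)
    attach_yara(pairs, yara)
    return hollowing_verdicts(pairs)

if __name__ == "__main__":
    for v in analyse():
        print(f"hollowing: {v['source_image']} (PID {v['source_pid']}) -> "
              f"{v['target_image']} (PID {v['target_pid']}), {v['writes']} writes, "
              f"families={v['families']}, payload_span={v['payload_span']}")
```

On this report the script yields a single verdict: 668 -> 212, nine writes, family_taurus_stealer, payload span 0x400000-0x43A000. A row set with writes but no SetThreadContext (or with a target outside the host list) produces no verdict, which is what keeps the rule from firing on ordinary debuggers and installers.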