Analysis
- max time kernel: 10s
- max time network: 112s
- platform: windows10_x64
- resource: win10v20210410
- submitted: 27-07-2021 13:05
- Static task: static1
- Behavioral task: behavioral1
- Sample: 2bc33.exe
- Resource: win7v20210408
- 0 signatures
- 0 seconds
General
- Target: 2bc33.exe
- Size: 354KB
- MD5: 56405ac1aada433e5134304744981cee
- SHA1: d03df32535bd469e4dd5033d0fe8785c4b23ee91
- SHA256: 2bc33396eeb4553f5c5187d16d426d71bc7156c9bcc7c7fd7bce43b29447e6ab
- SHA512: 9c7aa5303dd38a0424533f474d271b658e2f7b614f804e0e3fd1489980a2d320e6a92f20c4ea28349763957004c7bd48ba8d088df6955fe68902c76da7ddabdc
Malware Config
Signatures
- Taurus Stealer Payload (1 IoCs)
  Processes:
    resource: behavioral2/memory/2256-115-0x0000000000400000-0x0000000000851000-memory.dmp
    yara_rule: family_taurus_stealer
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Checks installed software on the system (1 TTPs)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Delays execution with timeout.exe (1 IoCs)
  Processes:
    pid: 1328, process: timeout.exe
- Suspicious use of WriteProcessMemory (6 IoCs)
  Processes:
    description                        pid   process    target process
    PID 2256 wrote to memory of 3060   2256  2bc33.exe  cmd.exe
    PID 2256 wrote to memory of 3060   2256  2bc33.exe  cmd.exe
    PID 2256 wrote to memory of 3060   2256  2bc33.exe  cmd.exe
    PID 3060 wrote to memory of 1328   3060  cmd.exe    timeout.exe
    PID 3060 wrote to memory of 1328   3060  cmd.exe    timeout.exe
    PID 3060 wrote to memory of 1328   3060  cmd.exe    timeout.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\2bc33.exe (PID 2256)
  Command line: "C:\Users\Admin\AppData\Local\Temp\2bc33.exe"
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe (PID 3060)
    Command line: /c timeout /t 3 & del /f /q C:\Users\Admin\AppData\Local\Temp\2bc33.exe
    Signatures: Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\timeout.exe (PID 1328)
      Command line: timeout /t 3
      Signatures: Delays execution with timeout.exe