Analysis
-
max time kernel
143s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
19-04-2022 12:20
General
-
Target
8e5ff8524b5173cac14b26aa4ddee01cad6e50629818e467f1e92ad5947f2240.exe
-
Size
326KB
-
MD5
199eb1788868ac414bcbac0e2f18ca0f
-
SHA1
324290f7a1db6edc4f68cbb4ebb9a40a0fd35415
-
SHA256
8e5ff8524b5173cac14b26aa4ddee01cad6e50629818e467f1e92ad5947f2240
-
SHA512
a04476686bcf9c8baae61065a302ccadf35a76b316d949941bf391e8c133144fe648646406cb3cfcfb60bef37bec6e79f954fa7f68712b735b7bc36a4fd84cdf
Score
10/10
Malware Config
Signatures
-
Taurus Stealer
Taurus is an infostealer first seen in June 2020.
-
Taurus Stealer Payload 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Program crash 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8e5ff8524b5173cac14b26aa4ddee01cad6e50629818e467f1e92ad5947f2240.exe"C:\Users\Admin\AppData\Local\Temp\8e5ff8524b5173cac14b26aa4ddee01cad6e50629818e467f1e92ad5947f2240.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 6882⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 6962⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 7002⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 6962⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 8442⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 9522⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 11562⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 12202⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 12682⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3816 -ip 38161⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3816 -ip 38161⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 3816 -ip 38161⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 3816 -ip 38161⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3816 -ip 38161⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 3816 -ip 38161⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3816 -ip 38161⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 3816 -ip 38161⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 3816 -ip 38161⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
132KB
-
Filesize
132KB
-
Filesize
216KB
-
Filesize
31.1MB