Overview

overview

10

Static

static

1a2d0633e0...5c.exe

windows7_x64

10

1a2d0633e0...5c.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    20-04-2022 04:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1a2d0633e0273b5a9583a6e7673651d24aea85545793d804a6d4f692fcda325c.exe

  • Size

    2.2MB

  • MD5

    a8db0614d948db39b865c1efa5d9eabc

  • SHA1

    4f9561138254cbbde7b8f5a0bf1798d3c2a10bda

  • SHA256

    1a2d0633e0273b5a9583a6e7673651d24aea85545793d804a6d4f692fcda325c

  • SHA512

    0641650fef34bdfc9de12ab1c02c12cf0e9d30eb1e525cf60eec5c0470614b6d7b7203c58761ba11338fd461570b6ab49e4d63e90b4f9270ee8eb142c4319a70

Score
10/10
taurusdiscoveryspywarestealertrojan

Malware Config

Signatures

  • Taurus Stealer

    Taurus is an infostealer first seen in June 2020.

    trojanstealertaurus
  • Taurus Stealer Payload 7 IoCs
  • Deletes itself 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses 2FA software files, possible credential harvesting 2 TTPs
    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of SetThreadContext 1 IoCs
  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1a2d0633e0273b5a9583a6e7673651d24aea85545793d804a6d4f692fcda325c.exe
    "C:\Users\Admin\AppData\Local\Temp\1a2d0633e0273b5a9583a6e7673651d24aea85545793d804a6d4f692fcda325c.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1012
    • C:\Users\Admin\AppData\Local\Temp\1a2d0633e0273b5a9583a6e7673651d24aea85545793d804a6d4f692fcda325c.exe
      "C:\Users\Admin\AppData\Local\Temp\1a2d0633e0273b5a9583a6e7673651d24aea85545793d804a6d4f692fcda325c.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1720
      • C:\Windows\SysWOW64\cmd.exe
        /c timeout /t 3 & del /f /q C:\Users\Admin\AppData\Local\Temp\1a2d0633e0273b5a9583a6e7673651d24aea85545793d804a6d4f692fcda325c.exe
        3⤵
        • Deletes itself
        • Suspicious use of WriteProcessMemory
        PID:1912
        • C:\Windows\SysWOW64\timeout.exe
          timeout /t 3
          4⤵
          • Delays execution with timeout.exe
          PID:1492

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1012-54-0x0000000000F60000-0x0000000001198000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1012-55-0x0000000000870000-0x00000000008CC000-memory.dmp

    Filesize

    368KB

    Download

  • memory/1012-56-0x0000000000460000-0x000000000047C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/1720-62-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB

    Download

  • memory/1720-60-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB

    Download

  • memory/1720-58-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB

    Download

  • memory/1720-63-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB

    Download

  • memory/1720-65-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB

    Download

  • memory/1720-68-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB

    Download

  • memory/1720-69-0x0000000076851000-0x0000000076853000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1720-70-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB

    Download

  • memory/1720-57-0x0000000000400000-0x0000000000437000-memory.dmp

    Filesize

    220KB

    Download