Overview

overview

10

Static

static

77d5878301...13.exe

windows10_x64

10

Analysis

  • max time kernel
    50s
  • max time network
    76s
  • platform
    windows10_x64
  • resource
    win10-20220414-en
  • submitted
    15-07-2022 06:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    77d58783013a7d18f57937c53e5ac21840df059a8119b47c5c68dbc3a4809013.exe

  • Size

    357KB

  • MD5

    60580df56a0acf9033a460559bd5330b

  • SHA1

    5414b1e9da7a8009afaf982b94c5c044a508646d

  • SHA256

    77d58783013a7d18f57937c53e5ac21840df059a8119b47c5c68dbc3a4809013

  • SHA512

    11441237d7536ed0ceaa4ff4457410973261b12d2bcdee70228918b01d97c960f2507a6dcf3e17ae3ab31a0cd3aa421925063818d7a3195ecf9859863ff25600

Score
10/10
taurusdiscoveryspywarestealertrojan

Malware Config

Signatures

  • Taurus Stealer

    Taurus is an infostealer first seen in June 2020.

    trojanstealertaurus
  • Taurus Stealer payload 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses 2FA software files, possible credential harvesting 2 TTPs
    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\77d58783013a7d18f57937c53e5ac21840df059a8119b47c5c68dbc3a4809013.exe
    "C:\Users\Admin\AppData\Local\Temp\77d58783013a7d18f57937c53e5ac21840df059a8119b47c5c68dbc3a4809013.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3940
    • C:\Windows\SysWOW64\cmd.exe
      /c timeout /t 3 & del /f /q C:\Users\Admin\AppData\Local\Temp\77d58783013a7d18f57937c53e5ac21840df059a8119b47c5c68dbc3a4809013.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2204
      • C:\Windows\SysWOW64\timeout.exe
        timeout /t 3
        3⤵
        • Delays execution with timeout.exe
        PID:2424

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2204-174-0x0000000000000000-mapping.dmp

    Download

  • memory/2204-175-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2204-176-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2204-178-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2204-180-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2204-181-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2424-186-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2424-185-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2424-184-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2424-183-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2424-182-0x0000000000000000-mapping.dmp

    Download

  • memory/3940-143-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-152-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-124-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-126-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-125-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-127-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-128-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-129-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-130-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-131-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-132-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-133-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-134-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-135-0x0000000000781000-0x00000000007A4000-memory.dmp

    Filesize

    140KB

    Download

  • memory/3940-137-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-139-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-140-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-138-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/3940-136-0x00000000001C0000-0x00000000001F8000-memory.dmp

    Filesize

    224KB

    Download

  • memory/3940-142-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-141-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-144-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-145-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-122-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-146-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-147-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-150-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-149-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-148-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-123-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-151-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-153-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-154-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-155-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-157-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-158-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-156-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-159-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-160-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-161-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-162-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-163-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-165-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-166-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-167-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-164-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-168-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-169-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-170-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-171-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-172-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-173-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-177-0x0000000000781000-0x00000000007A4000-memory.dmp

    Filesize

    140KB

    Download

  • memory/3940-179-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download

  • memory/3940-121-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-120-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-119-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-118-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-117-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3940-116-0x00000000772B0000-0x000000007743E000-memory.dmp

    Filesize

    1.6MB

    Download