90bfef00265a9bbf419c2fac87b67c200f4f630efd79270df6420e283464e885

Analysis

max time kernel
12s
max time network
112s
platform
windows10_x64
resource
win10v20210410
submitted
12-07-2021 12:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

pure_mx.exe
Size

6.8MB
MD5

58d5dbfe8e30e8b5b335aeb371f46d93
SHA1

0194a017ef83df2d253985232db1b1c0403ec28b
SHA256

90bfef00265a9bbf419c2fac87b67c200f4f630efd79270df6420e283464e885
SHA512

8987ba3015f109570a62a328595132c4cb160421228c6617a3a6ac73bed787fad3a113a322137073f809566e31289274e280017c4903410bd22626cb7ab5dff4

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 15 IoCs

Processes:

pure_mx.exe

pid	process
1072	pure_mx.exe
1072	pure_mx.exe
1072	pure_mx.exe
1072	pure_mx.exe
1072	pure_mx.exe
1072	pure_mx.exe
1072	pure_mx.exe
1072	pure_mx.exe
1072	pure_mx.exe
1072	pure_mx.exe
1072	pure_mx.exe
1072	pure_mx.exe
1072	pure_mx.exe
1072	pure_mx.exe
1072	pure_mx.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

pure_mx.exe

description pid process

Token: 35 1072 pure_mx.exe

description	pid	process
Token: 35	1072	pure_mx.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

pure_mx.exe

description	pid	process	target process
PID 3484 wrote to memory of 1072	3484	pure_mx.exe	pure_mx.exe
PID 3484 wrote to memory of 1072	3484	pure_mx.exe	pure_mx.exe
PID 3484 wrote to memory of 1072	3484	pure_mx.exe	pure_mx.exe

C:\Users\Admin\AppData\Local\Temp\pure_mx.exe
"C:\Users\Admin\AppData\Local\Temp\pure_mx.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3484

C:\Users\Admin\AppData\Local\Temp\pure_mx.exe
"C:\Users\Admin\AppData\Local\Temp\pure_mx.exe"
2⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1072

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI34842\VCRUNTIME140.dll
MD5
ae96651cfbd18991d186a029cbecb30c

SHA1
18df8af1022b5cb188e3ee98ac5b4da24ac9c526

SHA256
1b372f064eacb455a0351863706e6326ca31b08e779a70de5de986b5be8069a1

SHA512
42a58c17f63cf0d404896d3b4bb16b2c9270cc2192aa4c9be265ed3970dfc2a4115e1db08f35c39e403b4c918be4ed7d19d2e2e015cb06b33d26a6c6521556e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34842\_bz2.pyd
MD5
2dd25ac2510c5640169d89ee220e748e

SHA1
38fd561088e61e4dbb97a026bfee8fbf6533250e

SHA256
f5086031019c5e03afcfee227c4d30e82b68c24f5a5871640c3e8682852d9a54

SHA512
e4fab2e20031dec366c113fe10ff81d759a2a1837cd1ee2598bb6c1107cb16a6db13501b69e80ee08e61005020b557221f858b690e2a3bab13a94fb04f87ef62

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34842\_ctypes.pyd
MD5
4873eef1f9b652605cb7567bf5f63a59

SHA1
699bcc7439c2255eb54b3048a0255624cfcfb1d4

SHA256
c1688643a182f1b9692284ee24293ae90b5496e95b356d6ec175f18d9a6ec566

SHA512
335a9d6a6f5f0189a1b906561e3bf1d5f6c86d17fdc952fd45a8e6a3d6b814ad919e8ca9ae5f3a6261549361cd4b5f00d366ceb77c66b4c562fd53692b24b2d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34842\_decimal.pyd
MD5
2a22a7c58067bed977ee3656d1818f69

SHA1
663c0d725905913fd8e42064fbe25f4cd6ffeff3

SHA256
6fbeceb84331902154a5f81573228149ae9fcb3e6a814abea99589de09fcc433

SHA512
18369debfb2604a012cb11cc4879d18a90553d64134af7fbb52f6df8156ec283631920c3e26ca2ca6b3c6e571e0a3c56b26ea706509072d0d4f05ef81961a3ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34842\_hashlib.pyd
MD5
d7fb745382c6356cb58a865b7868a87f

SHA1
c05940c7e57e7e1c8e031d1644cd91f507adf5e1

SHA256
a5ced194f4a143e6f517c22e6a1edbabca0d875243845bc57a87c2d70c07f23d

SHA512
1a19293c041811a72dbc88807aaa6a396600732f716ccbb2d976850c01f69d1ddeb5101e56c9b92fbb02496481e9da3fcc47af96bf8e9102477f9f28386f94c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34842\_lzma.pyd
MD5
3f9883975873f598093f33164be01fbc

SHA1
851b304266d19ec89193ade145e7aa7094cb9217

SHA256
1afb4acf310dc86ab032cf27fb59c468ca7e65448b899dc31d5a53317d5bc831

SHA512
a0613ed7bbab49a8da297d4947d5595c0637df1186834e19db8bc800d2f01bc1f8531e20921093778e1006edcf6705d9e49751106552520c0dd001c66a5dfc6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34842\_queue.pyd
MD5
4f38eb31e85412b5bb3cc955f7a83cfb

SHA1
5752194a2987b795636e708bae7d436e064790ec

SHA256
326f00f00dabf86b33325b8f6344a141aefb2a56ba5c173d2efe175efa72058b

SHA512
814f7904ec79ca03750fc57b64329c8ef4c3fe3648f65b63ec103b21a07278f038e8b786559085b612abd442d67493681e3bf8f6a6ab18c2b112b67a9e327f37

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34842\_socket.pyd
MD5
86d72934a494121978ef74c8b8aca5a4

SHA1
3c15697eee23365722f79d70710ac0a1ba5de6e1

SHA256
24657ecfde063412c941aaa6a085341d45ecf4c0153b37b7476459835ccb3cbb

SHA512
b7e720d4801690b6c610726046070b8a761113c30a14d6c54205f3ea5ae273494fa28b1fe57c33e196b71d7b2c1be28a3acbf5a3337cad0e9e4216918d8487e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34842\_ssl.pyd
MD5
6e8d415d50d8292dbfb479447ac09c27

SHA1
cb2154d70a5cb9a875309e0860b82a825c6416f0

SHA256
5b616af730aa15a75558afa50e725c7d4d4e5b22bbffd348df2239425cfeadd0

SHA512
a8196e2536a3c733b59fa11da10f85eda0d2c50deb246d895fccbcb7f8e33c7aa11928ce8264eabaf0e9c761f5b11c7e65cb4ec503c0338c90e1d7180f7c0bac

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34842\base_library.zip
MD5
ae3aa43745fe70445f7d20a14b18b58d

SHA1
d5a00866debf8bf15c0ac289dbf9264b53acdd93

SHA256
4db3898f339adbb7ec4098c89d8b6edafc09dc12dca1679b2ea1672dade33572

SHA512
255d69410eca1ff7962a4c2c1ba563f23bc777ec026e7a153bf780bf41a966c7b9505dbceec30bec93e6a2e0b7ebed9f488b3104ce46a5f30bc9af7fd7d27d66

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34842\certifi\cacert.pem
MD5
1ba3b44f73a6b25711063ea5232f4883

SHA1
1b1a84804f896b7085924f8bf0431721f3b5bdbe

SHA256
bb77f13d3fbec9e98bbf28ac95046b44196c7d8f55ab7720061e99991a829197

SHA512
0dd2a14331308b1de757d56fab43678431e0ad6f5f5b12c32fa515d142bd955f8be690b724e07f41951dd03c9fee00e604f4e0b9309da3ea438c8e9b56ca581b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34842\libcrypto-1_1.dll
MD5
25c4ebe7eb728eb40f9f9857849abad9

SHA1
d907b46d6b5924a4d887438583145b8d2edda10c

SHA256
ee585c57129d29c67d1f038ca35113ce34319bff1e8e163588e394dd096cd04a

SHA512
9f43ac67d873d28415ce4bb6d5823f361c31a018e3a4d56f191f9c2503ea0e41a8c3b7ca7860bd1abc013e3827ec2d47d9577ddbc128e10a1c2ac78615f7c8a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34842\libssl-1_1.dll
MD5
a11c90defa3969b20b8730450447636c

SHA1
05ec6e2fae9ad1d8446341f0e87d2d0fd7398bf0

SHA256
5b24d33ef69546a929b021738018c55ee6cea62b3ddd8d69a78dcad4dc5c6255

SHA512
d1d1469ed7280b66f9fbd1fae9d1bdc91be8b7a7f2340a4e6163da33f0a4a13043b6f4f5c6eb30bdc164991c16bcec0872e66c9843cc38ddc982e49c41e8cc3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34842\python37.dll
MD5
c66cff63d88f6e9dd4d8e12263a928b5

SHA1
95c617965db8d8ddb76c2775a2441d1609605162

SHA256
1d70473101f95a42764c8430548645b0a9786bac0fe08367f593416c9b791718

SHA512
993001dcf9448dedf49fea89a76294364501dd09eac88184511e6ebab997119ac94e3e9d596d02571174f5a04b1d4ec6888f494eb0810e28bdb674867695005b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34842\select.pyd
MD5
91ce806fb378ca8e5752aefeb5775da8

SHA1
5d18e0120b181f56562c228a360283fed1071d1f

SHA256
715b9028dbd2faef7a084b8919086fe258b5069f295655deae5dff95f6cb23f6

SHA512
ef557947653936f1dc9e68730d7edba420a2b7011c85fa55446c31f60e1af3732aa312fee91d72c39223d008d0231047d55d77e649ed1e6a09de663b78246fd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI34842\unicodedata.pyd
MD5
c184941d097bf03782cc74b785e6dada

SHA1
c4ca2607047ef69e0cff516d38c4147087f45b02

SHA256
95c2e7b6bb25a0beb8a5c0376ceed33098d9991cda0414f844f5b9b506167891

SHA512
1c284dbff3ddfc76af8a649d237f90e87a9ecd7e36783626ebff7fca1cf1532b6b455372445b29352bc12df23a2e095f994f0ca454877f9ea38558875c314137

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI34842\VCRUNTIME140.dll
MD5
ae96651cfbd18991d186a029cbecb30c

SHA1
18df8af1022b5cb188e3ee98ac5b4da24ac9c526

SHA256
1b372f064eacb455a0351863706e6326ca31b08e779a70de5de986b5be8069a1

SHA512
42a58c17f63cf0d404896d3b4bb16b2c9270cc2192aa4c9be265ed3970dfc2a4115e1db08f35c39e403b4c918be4ed7d19d2e2e015cb06b33d26a6c6521556e7

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI34842\_bz2.pyd
MD5
2dd25ac2510c5640169d89ee220e748e

SHA1
38fd561088e61e4dbb97a026bfee8fbf6533250e

SHA256
f5086031019c5e03afcfee227c4d30e82b68c24f5a5871640c3e8682852d9a54

SHA512
e4fab2e20031dec366c113fe10ff81d759a2a1837cd1ee2598bb6c1107cb16a6db13501b69e80ee08e61005020b557221f858b690e2a3bab13a94fb04f87ef62

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI34842\_ctypes.pyd
MD5
4873eef1f9b652605cb7567bf5f63a59

SHA1
699bcc7439c2255eb54b3048a0255624cfcfb1d4

SHA256
c1688643a182f1b9692284ee24293ae90b5496e95b356d6ec175f18d9a6ec566

SHA512
335a9d6a6f5f0189a1b906561e3bf1d5f6c86d17fdc952fd45a8e6a3d6b814ad919e8ca9ae5f3a6261549361cd4b5f00d366ceb77c66b4c562fd53692b24b2d4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI34842\_decimal.pyd
MD5
2a22a7c58067bed977ee3656d1818f69

SHA1
663c0d725905913fd8e42064fbe25f4cd6ffeff3

SHA256
6fbeceb84331902154a5f81573228149ae9fcb3e6a814abea99589de09fcc433

SHA512
18369debfb2604a012cb11cc4879d18a90553d64134af7fbb52f6df8156ec283631920c3e26ca2ca6b3c6e571e0a3c56b26ea706509072d0d4f05ef81961a3ce

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI34842\_hashlib.pyd
MD5
d7fb745382c6356cb58a865b7868a87f

SHA1
c05940c7e57e7e1c8e031d1644cd91f507adf5e1

SHA256
a5ced194f4a143e6f517c22e6a1edbabca0d875243845bc57a87c2d70c07f23d

SHA512
1a19293c041811a72dbc88807aaa6a396600732f716ccbb2d976850c01f69d1ddeb5101e56c9b92fbb02496481e9da3fcc47af96bf8e9102477f9f28386f94c4

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI34842\_lzma.pyd
MD5
3f9883975873f598093f33164be01fbc

SHA1
851b304266d19ec89193ade145e7aa7094cb9217

SHA256
1afb4acf310dc86ab032cf27fb59c468ca7e65448b899dc31d5a53317d5bc831

SHA512
a0613ed7bbab49a8da297d4947d5595c0637df1186834e19db8bc800d2f01bc1f8531e20921093778e1006edcf6705d9e49751106552520c0dd001c66a5dfc6c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI34842\_queue.pyd
MD5
4f38eb31e85412b5bb3cc955f7a83cfb

SHA1
5752194a2987b795636e708bae7d436e064790ec

SHA256
326f00f00dabf86b33325b8f6344a141aefb2a56ba5c173d2efe175efa72058b

SHA512
814f7904ec79ca03750fc57b64329c8ef4c3fe3648f65b63ec103b21a07278f038e8b786559085b612abd442d67493681e3bf8f6a6ab18c2b112b67a9e327f37

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI34842\_socket.pyd
MD5
86d72934a494121978ef74c8b8aca5a4

SHA1
3c15697eee23365722f79d70710ac0a1ba5de6e1

SHA256
24657ecfde063412c941aaa6a085341d45ecf4c0153b37b7476459835ccb3cbb

SHA512
b7e720d4801690b6c610726046070b8a761113c30a14d6c54205f3ea5ae273494fa28b1fe57c33e196b71d7b2c1be28a3acbf5a3337cad0e9e4216918d8487e7

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI34842\_ssl.pyd
MD5
6e8d415d50d8292dbfb479447ac09c27

SHA1
cb2154d70a5cb9a875309e0860b82a825c6416f0

SHA256
5b616af730aa15a75558afa50e725c7d4d4e5b22bbffd348df2239425cfeadd0

SHA512
a8196e2536a3c733b59fa11da10f85eda0d2c50deb246d895fccbcb7f8e33c7aa11928ce8264eabaf0e9c761f5b11c7e65cb4ec503c0338c90e1d7180f7c0bac

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI34842\libcrypto-1_1.dll
MD5
25c4ebe7eb728eb40f9f9857849abad9

SHA1
d907b46d6b5924a4d887438583145b8d2edda10c

SHA256
ee585c57129d29c67d1f038ca35113ce34319bff1e8e163588e394dd096cd04a

SHA512
9f43ac67d873d28415ce4bb6d5823f361c31a018e3a4d56f191f9c2503ea0e41a8c3b7ca7860bd1abc013e3827ec2d47d9577ddbc128e10a1c2ac78615f7c8a9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI34842\libcrypto-1_1.dll
MD5
25c4ebe7eb728eb40f9f9857849abad9

SHA1
d907b46d6b5924a4d887438583145b8d2edda10c

SHA256
ee585c57129d29c67d1f038ca35113ce34319bff1e8e163588e394dd096cd04a

SHA512
9f43ac67d873d28415ce4bb6d5823f361c31a018e3a4d56f191f9c2503ea0e41a8c3b7ca7860bd1abc013e3827ec2d47d9577ddbc128e10a1c2ac78615f7c8a9

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI34842\libssl-1_1.dll
MD5
a11c90defa3969b20b8730450447636c

SHA1
05ec6e2fae9ad1d8446341f0e87d2d0fd7398bf0

SHA256
5b24d33ef69546a929b021738018c55ee6cea62b3ddd8d69a78dcad4dc5c6255

SHA512
d1d1469ed7280b66f9fbd1fae9d1bdc91be8b7a7f2340a4e6163da33f0a4a13043b6f4f5c6eb30bdc164991c16bcec0872e66c9843cc38ddc982e49c41e8cc3b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI34842\python37.dll
MD5
c66cff63d88f6e9dd4d8e12263a928b5

SHA1
95c617965db8d8ddb76c2775a2441d1609605162

SHA256
1d70473101f95a42764c8430548645b0a9786bac0fe08367f593416c9b791718

SHA512
993001dcf9448dedf49fea89a76294364501dd09eac88184511e6ebab997119ac94e3e9d596d02571174f5a04b1d4ec6888f494eb0810e28bdb674867695005b

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI34842\select.pyd
MD5
91ce806fb378ca8e5752aefeb5775da8

SHA1
5d18e0120b181f56562c228a360283fed1071d1f

SHA256
715b9028dbd2faef7a084b8919086fe258b5069f295655deae5dff95f6cb23f6

SHA512
ef557947653936f1dc9e68730d7edba420a2b7011c85fa55446c31f60e1af3732aa312fee91d72c39223d008d0231047d55d77e649ed1e6a09de663b78246fd7

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI34842\unicodedata.pyd
MD5
c184941d097bf03782cc74b785e6dada

SHA1
c4ca2607047ef69e0cff516d38c4147087f45b02

SHA256
95c2e7b6bb25a0beb8a5c0376ceed33098d9991cda0414f844f5b9b506167891

SHA512
1c284dbff3ddfc76af8a649d237f90e87a9ecd7e36783626ebff7fca1cf1532b6b455372445b29352bc12df23a2e095f994f0ca454877f9ea38558875c314137

Download Submit
memory/1072-114-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads