purplefox | 02a911e02491280762744c40977ee02bcde2df77acb2311367d4e3340a168d9f

Analysis

max time kernel
116s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19-08-2022 08:09

Target

02a911e02491280762744c40977ee02bcde2df77acb2311367d4e3340a168d9f.exe
Size

899KB
MD5

77e815f082224c57b60824e4a0e1bd84
SHA1

275ea889ecde5dddd92565b8c2e95eef639b55e8
SHA256

02a911e02491280762744c40977ee02bcde2df77acb2311367d4e3340a168d9f
SHA512

ebd530738031f6391424609293d485ae54aab0f10c4ff4a8c93667581c7caabd5c40d38f24253eb8a9e0e3a8bba07a4b3edf9aa1e3313f15583628e05595e1fe

Score

10^/10

Detect PurpleFox Dropper 1 IoCs
Detect PurpleFox Dropper.
dropper loader

Processes:

yara_rule

purplefox_dropper
Detect PurpleFox Rootkit 1 IoCs
Detect PurpleFox Rootkit.
rootkit

Processes:

yara_rule

purplefox_rootkit
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
rootkit trojan purplefox
Downloads MZ/PE file
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

yara_rule
purplefox_dropper

yara_rule
purplefox_rootkit

C:\Users\Admin\AppData\Local\Temp\02a911e02491280762744c40977ee02bcde2df77acb2311367d4e3340a168d9f.exe
"C:\Users\Admin\AppData\Local\Temp\02a911e02491280762744c40977ee02bcde2df77acb2311367d4e3340a168d9f.exe"
1⤵
PID:4952

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact