purplefox | 8d1f1626ef9ce403faa2346bbf301ced9bc35ea35f61860e16f76047feaa47f6

Analysis

max time kernel
119s
max time network
143s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21-09-2022 05:54

Target

8d1f1626ef9ce403faa2346bbf301ced9bc35ea35f61860e16f76047feaa47f6.exe
Size

2.1MB
MD5

04a041143800807a5c09cf6058d87501
SHA1

684a2c53b4f65f9d33eba90e7664de047cb2b525
SHA256

8d1f1626ef9ce403faa2346bbf301ced9bc35ea35f61860e16f76047feaa47f6
SHA512

8d46cf79eb43dc80542e5d6358b12831bded193eab2bc24533ab99d50d0779aeb1eb6d89ee128e5428fbd518d3e43af61fc4be621c0061b6f66e5082be10a22a
SSDEEP

49152:EBY8d0j1mfShNjX0pKRYi3H44hqI//X8SIgs93sljDQkQYv+m7Du1R/:EBx0j1mfgjcKRYSHVhqI//X8DJ81QkQ8

Score

10^/10

Detect PurpleFox Rootkit 1 IoCs

Detect PurpleFox Rootkit.

Processes:

resource	yara_rule
behavioral1/memory/2020-55-0x0000000010000000-0x000000001003F000-memory.dmp	purplefox_rootkit

PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
rootkit trojan purplefox

C:\Users\Admin\AppData\Local\Temp\8d1f1626ef9ce403faa2346bbf301ced9bc35ea35f61860e16f76047feaa47f6.exe
"C:\Users\Admin\AppData\Local\Temp\8d1f1626ef9ce403faa2346bbf301ced9bc35ea35f61860e16f76047feaa47f6.exe"
1⤵
PID:2020

memory/2020-54-0x00000000756B1000-0x00000000756B3000-memory.dmp

Filesize
8KB

Download
memory/2020-55-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download