Analysis

  • max time kernel
    127s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    22-10-2022 20:53

General

  • Target

    1f7ce43b4cd2e523ae2d979f12d375c2c0b637a4a960a470bd30e793712080e4.exe

  • Size

    912KB

  • MD5

    452c2ac239e6e432b6ba107041e3a489

  • SHA1

    0603a85561b66f4651e592ef04673d31585672ac

  • SHA256

    1f7ce43b4cd2e523ae2d979f12d375c2c0b637a4a960a470bd30e793712080e4

  • SHA512

    5b432b4d3189b4671e5e623cf523441bdd1abee95b3cd11839e8e30f0453b61ab8e6115805f8593912619031fad2674fcecef630995c4daa8eb48d63ea2496dc

  • SSDEEP

    12288:959c/ygD9wR9BAYQhw2izuT7kNsq71QFwqOvlp7Xf6I9T7/Min:9j8wR9CYQmuTk76FYlp7XfJpn

Malware Config

Signatures

  • Detect PurpleFox Rootkit 1 IoCs

    Detect PurpleFox Rootkit.

  • PurpleFox

    PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f7ce43b4cd2e523ae2d979f12d375c2c0b637a4a960a470bd30e793712080e4.exe
    "C:\Users\Admin\AppData\Local\Temp\1f7ce43b4cd2e523ae2d979f12d375c2c0b637a4a960a470bd30e793712080e4.exe"
    1⤵
      PID:1492

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1492-54-0x0000000076BA1000-0x0000000076BA3000-memory.dmp
      Filesize

      8KB

    • memory/1492-55-0x0000000010000000-0x0000000010039000-memory.dmp
      Filesize

      228KB