Malware Analysis Report

2025-05-28 17:26

Sample ID 230115-trx78aha45
Target 10039948490093.exe
SHA256 5585edaa1cdcb7c6b2d57f38dc1c35cfbf44e843f681511dc87f3fd61416ab4e
Tags
purecrypter downloader loader
Score
10/10

Table of Contents

Analysis Overview
  MITRE ATT&CK
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score
10/10

SHA256

5585edaa1cdcb7c6b2d57f38dc1c35cfbf44e843f681511dc87f3fd61416ab4e

Threat Level: Known bad

The file 10039948490093.exe was found to be: Known bad.

Malicious Activity Summary

purecrypter downloader loader

PureCrypter

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-01-15 16:18

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-01-15 16:18

Reported

2023-01-15 16:20

Platform

win10v2004-20221111-en

Max time kernel

128s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\10039948490093.exe"

Signatures

PureCrypter

loader downloader purecrypter

Suspicious use of AdjustPrivilegeToken

Description              Indicator  Process                                               Target
Token: SeDebugPrivilege  N/A        C:\Users\Admin\AppData\Local\Temp\10039948490093.exe  N/A

Processes

C:\Users\Admin\AppData\Local\Temp\10039948490093.exe

"C:\Users\Admin\AppData\Local\Temp\10039948490093.exe"

Network

Country  Destination         Domain       Proto
N/A      8.8.8.8:53          espurity.tk  udp
N/A      141.105.64.177:443  espurity.tk  tcp
N/A      88.221.25.154:80                 tcp
N/A      88.221.25.154:80                 tcp
N/A      141.105.64.177:443  espurity.tk  tcp
N/A      104.80.225.205:443               tcp
N/A      20.50.73.9:443                   tcp
N/A      8.248.7.254:80                   tcp
N/A      8.248.7.254:80                   tcp
N/A      8.248.7.254:80                   tcp
N/A      141.105.64.177:443  espurity.tk  tcp
N/A      8.248.7.254:80                   tcp
N/A      141.105.64.177:443  espurity.tk  tcp
N/A      141.105.64.177:443  espurity.tk  tcp

Files

memory/4860-132-0x00000000007A0000-0x00000000007A8000-memory.dmp

memory/4860-133-0x0000000005750000-0x0000000005CF4000-memory.dmp

memory/4860-134-0x00000000051A0000-0x0000000005232000-memory.dmp

memory/4860-135-0x0000000002C10000-0x0000000002C1A000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2023-01-15 16:18

Reported

2023-01-15 16:20

Platform

win7-20220812-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\10039948490093.exe"

Signatures

PureCrypter

loader downloader purecrypter

Suspicious use of AdjustPrivilegeToken

Description              Indicator  Process                                               Target
Token: SeDebugPrivilege  N/A        C:\Users\Admin\AppData\Local\Temp\10039948490093.exe  N/A

Processes

C:\Users\Admin\AppData\Local\Temp\10039948490093.exe

"C:\Users\Admin\AppData\Local\Temp\10039948490093.exe"

Network

Country  Destination         Domain       Proto
N/A      8.8.8.8:53          espurity.tk  udp
N/A      141.105.64.177:443  espurity.tk  tcp
N/A      141.105.64.177:443  espurity.tk  tcp
N/A      141.105.64.177:443  espurity.tk  tcp
N/A      141.105.64.177:443  espurity.tk  tcp
N/A      141.105.64.177:443  espurity.tk  tcp

Files

memory/1124-54-0x0000000000980000-0x0000000000988000-memory.dmp

memory/1124-55-0x0000000074FB1000-0x0000000074FB3000-memory.dmp

memory/1124-56-0x0000000004C75000-0x0000000004C86000-memory.dmp