Analysis

  • max time kernel
    158s
  • max time network
    170s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/01/2023, 09:23

General

  • Target

    Scan001.exe

  • Size

    11.0MB

  • MD5

    ba427361ea9b3883c9d62def5f0515d6

  • SHA1

    cfbc16035d1aa90cfb6cd670ff9b0cc297b5909d

  • SHA256

    0e913a8531cae1910c2c23ac669bcd7764eeac2301113fadc750b9d66b39ba49

  • SHA512

    9021851f9e315564fcb6e8e7ac1d8ce5875a4138d10c0047843723e5f6d754a54d23bd7284d6618efa77a88e628233c8004696f4728f0adf0ce10c42881315b9

  • SSDEEP

    192:8omYdUCaLe0qqITxLxBLfmf7bWLAIL9CH+W83:JRoBGxLxBLuf7bWLAIL90+Wc

Malware Config

Extracted

Family

purecrypter

C2

https://espurity.tk/SystemEnv/uploads/newsoftware-update_Pltnacof.bmp

Signatures

  • PureCrypter

    PureCrypter is a .NET malware loader first seen in early 2021.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Scan001.exe
    "C:\Users\Admin\AppData\Local\Temp\Scan001.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4840

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/4840-132-0x0000000000650000-0x0000000000658000-memory.dmp

          Filesize

          32KB

        • memory/4840-133-0x0000000005580000-0x0000000005B24000-memory.dmp

          Filesize

          5.6MB

        • memory/4840-134-0x0000000005070000-0x0000000005102000-memory.dmp

          Filesize

          584KB

        • memory/4840-135-0x0000000005010000-0x000000000501A000-memory.dmp

          Filesize

          40KB