purecrypter | 73d448c429921a844a556fb0d5addc6af5bab77842fddb4782cbbd18086995ec

Analysis

max time kernel
64s
max time network
56s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/01/2023, 10:23

Target

77254af9b820ada0d2f0e274b81dd99279a9a88e2f1b309e99c6399d307ada0e.exe
Size

44KB
MD5

54b04c4846fab92642827b0d8fa86474
SHA1

7292d1728cc295f12c0dcb76570f3bc4d63d0a8e
SHA256

77254af9b820ada0d2f0e274b81dd99279a9a88e2f1b309e99c6399d307ada0e
SHA512

ef43bd4fa008f5bad4bd8368801c3bbbaa2cd3b0cdd38d9a8e4b3d4115df389d0b474d83878d9fdb25d7cc43d18d99c20e3fc246429b7609e72bb9ea21f7ef44
SSDEEP

192:wijBJmGQCBff2YnZx9Km4JCSYx8tfMHHoYYwOJ4etAEdKdO58rLGgi47sZXCBeOj:wGaKnZmHG8tUHHojSe3iV9qXBKmAY

Score

10^/10

Family

purecrypter

https://cesarsoriano.pe/wp-content/uploads/Tfykjvlwy.dll

PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
loader downloader purecrypter

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1544	1480	WerFault.exe	27

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1480	77254af9b820ada0d2f0e274b81dd99279a9a88e2f1b309e99c6399d307ada0e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1480 wrote to memory of 1544	1480	77254af9b820ada0d2f0e274b81dd99279a9a88e2f1b309e99c6399d307ada0e.exe	28
PID 1480 wrote to memory of 1544	1480	77254af9b820ada0d2f0e274b81dd99279a9a88e2f1b309e99c6399d307ada0e.exe	28
PID 1480 wrote to memory of 1544	1480	77254af9b820ada0d2f0e274b81dd99279a9a88e2f1b309e99c6399d307ada0e.exe	28

C:\Users\Admin\AppData\Local\Temp\77254af9b820ada0d2f0e274b81dd99279a9a88e2f1b309e99c6399d307ada0e.exe
"C:\Users\Admin\AppData\Local\Temp\77254af9b820ada0d2f0e274b81dd99279a9a88e2f1b309e99c6399d307ada0e.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1480
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1480 -s 1060
  2⤵
  - Program crash
  PID:1544

memory/1480-54-0x00000000010C0000-0x00000000010D0000-memory.dmp

Filesize
64KB

Download