purecrypter | 73d448c429921a844a556fb0d5addc6af5bab77842fddb4782cbbd18086995ec

Analysis

max time kernel
64s
max time network
56s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-01-2023 10:23

Target

77254af9b820ada0d2f0e274b81dd99279a9a88e2f1b309e99c6399d307ada0e.exe
Size

44KB
MD5

54b04c4846fab92642827b0d8fa86474
SHA1

7292d1728cc295f12c0dcb76570f3bc4d63d0a8e
SHA256

77254af9b820ada0d2f0e274b81dd99279a9a88e2f1b309e99c6399d307ada0e
SHA512

ef43bd4fa008f5bad4bd8368801c3bbbaa2cd3b0cdd38d9a8e4b3d4115df389d0b474d83878d9fdb25d7cc43d18d99c20e3fc246429b7609e72bb9ea21f7ef44
SSDEEP

192:wijBJmGQCBff2YnZx9Km4JCSYx8tfMHHoYYwOJ4etAEdKdO58rLGgi47sZXCBeOj:wGaKnZmHG8tUHHojSe3iV9qXBKmAY

Score

10^/10

Family

purecrypter

https://cesarsoriano.pe/wp-content/uploads/Tfykjvlwy.dll

PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
loader downloader purecrypter
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1544 1480 WerFault.exe 77254af9b820ada0d2f0e274b81dd99279a9a88e2f1b309e99c6399d307ada0e.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

77254af9b820ada0d2f0e274b81dd99279a9a88e2f1b309e99c6399d307ada0e.exe

description pid process

Token: SeDebugPrivilege 1480 77254af9b820ada0d2f0e274b81dd99279a9a88e2f1b309e99c6399d307ada0e.exe

pid	pid_target	process	target process
1544	1480	WerFault.exe	77254af9b820ada0d2f0e274b81dd99279a9a88e2f1b309e99c6399d307ada0e.exe

description	pid	process
Token: SeDebugPrivilege	1480	77254af9b820ada0d2f0e274b81dd99279a9a88e2f1b309e99c6399d307ada0e.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

77254af9b820ada0d2f0e274b81dd99279a9a88e2f1b309e99c6399d307ada0e.exe

description	pid	process	target process
PID 1480 wrote to memory of 1544	1480	77254af9b820ada0d2f0e274b81dd99279a9a88e2f1b309e99c6399d307ada0e.exe	WerFault.exe
PID 1480 wrote to memory of 1544	1480	77254af9b820ada0d2f0e274b81dd99279a9a88e2f1b309e99c6399d307ada0e.exe	WerFault.exe
PID 1480 wrote to memory of 1544	1480	77254af9b820ada0d2f0e274b81dd99279a9a88e2f1b309e99c6399d307ada0e.exe	WerFault.exe

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1480 -s 1060
2⤵
- Program crash
PID:1544

memory/1480-54-0x00000000010C0000-0x00000000010D0000-memory.dmp

Filesize
64KB

Download
memory/1544-55-0x0000000000000000-mapping.dmp

Download