Malware Analysis Report

2025-05-28 17:26

Sample ID 230123-q9khasde27
Target 0c53e355d7115d9ffce8fd6e821f549d.bin
SHA256 538ef5ce32bb75b6adada20c922e5be40d92defd75262796a96622f774184274
Tags
purecrypter downloader loader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

538ef5ce32bb75b6adada20c922e5be40d92defd75262796a96622f774184274

Threat Level: Known bad

The file 0c53e355d7115d9ffce8fd6e821f549d.bin was found to be: Known bad.

Malicious Activity Summary

purecrypter downloader loader

PureCrypter

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-01-23 13:57

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-01-23 13:57

Reported

2023-01-23 14:00

Platform

win7-20221111-en

Max time kernel

141s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5585edaa1cdcb7c6b2d57f38dc1c35cfbf44e843f681511dc87f3fd61416ab4e.exe"

Signatures

PureCrypter

loader downloader purecrypter

Suspicious use of AdjustPrivilegeToken

Description              Indicator  Process                                                                                                        Target
Token: SeDebugPrivilege  N/A        C:\Users\Admin\AppData\Local\Temp\5585edaa1cdcb7c6b2d57f38dc1c35cfbf44e843f681511dc87f3fd61416ab4e.exe  N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5585edaa1cdcb7c6b2d57f38dc1c35cfbf44e843f681511dc87f3fd61416ab4e.exe

"C:\Users\Admin\AppData\Local\Temp\5585edaa1cdcb7c6b2d57f38dc1c35cfbf44e843f681511dc87f3fd61416ab4e.exe"

Network

Country  Destination         Domain       Proto
N/A      8.8.8.8:53          espurity.tk  udp
N/A      141.105.64.177:443  espurity.tk  tcp
N/A      141.105.64.177:443  espurity.tk  tcp
N/A      141.105.64.177:443  espurity.tk  tcp
N/A      141.105.64.177:443  espurity.tk  tcp
N/A      141.105.64.177:443  espurity.tk  tcp

Files

memory/1728-54-0x0000000000A60000-0x0000000000A68000-memory.dmp

memory/1728-55-0x0000000076391000-0x0000000076393000-memory.dmp

memory/1728-56-0x0000000004E95000-0x0000000004EA6000-memory.dmp

memory/1728-57-0x0000000004E95000-0x0000000004EA6000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-01-23 13:57

Reported

2023-01-23 14:00

Platform

win10v2004-20220901-en

Max time kernel

128s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5585edaa1cdcb7c6b2d57f38dc1c35cfbf44e843f681511dc87f3fd61416ab4e.exe"

Signatures

PureCrypter

loader downloader purecrypter

Suspicious use of AdjustPrivilegeToken

Description              Indicator  Process                                                                                                        Target
Token: SeDebugPrivilege  N/A        C:\Users\Admin\AppData\Local\Temp\5585edaa1cdcb7c6b2d57f38dc1c35cfbf44e843f681511dc87f3fd61416ab4e.exe  N/A

Processes

C:\Users\Admin\AppData\Local\Temp\5585edaa1cdcb7c6b2d57f38dc1c35cfbf44e843f681511dc87f3fd61416ab4e.exe

"C:\Users\Admin\AppData\Local\Temp\5585edaa1cdcb7c6b2d57f38dc1c35cfbf44e843f681511dc87f3fd61416ab4e.exe"

Network

Country  Destination         Domain       Proto
N/A      8.8.8.8:53          espurity.tk  udp
N/A      141.105.64.177:443  espurity.tk  tcp
N/A      13.89.179.9:443                  tcp
N/A      104.80.225.205:443               tcp
N/A      141.105.64.177:443  espurity.tk  tcp
N/A      209.197.3.8:80                   tcp
N/A      209.197.3.8:80                   tcp
N/A      209.197.3.8:80                   tcp
N/A      141.105.64.177:443  espurity.tk  tcp
N/A      141.105.64.177:443  espurity.tk  tcp
N/A      8.8.8.8:53          espurity.tk  udp
N/A      141.105.64.177:443  espurity.tk  tcp

Files

memory/3268-132-0x00000000000F0000-0x00000000000F8000-memory.dmp

memory/3268-133-0x00000000050B0000-0x0000000005654000-memory.dmp

memory/3268-134-0x0000000004B00000-0x0000000004B92000-memory.dmp

memory/3268-135-0x0000000004AA0000-0x0000000004AAA000-memory.dmp