purecrypter | 940962a877f581558d30c735c4bc00fc43f46aea046ead732611a6647bcb19ae | Triage

Analysis

max time kernel
149s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01-02-2023 14:31

Sharing

Report Analysis Logs

General

Target

Kzzexzgao.exe
Size

6KB
MD5

57fef8f1f5588749972ca86427a84ac2
SHA1

f02eeb37ab23baef39a9c473c0d140778eb89cd5
SHA256

940962a877f581558d30c735c4bc00fc43f46aea046ead732611a6647bcb19ae
SHA512

930b61e0f825afc2e8f05ec2937759cbfbfbcc9fea95a3d3da8f0967072761e2d1f8e93b47e171524aa2282e32048bc8a85e3ac524bcac6e2a8e15c020e9e074
SSDEEP

96:y84Z26fM8osEEa79lbJWFPATRyUoSRCQ1tAkA3wzNt:qbZo7+PgUDi/4S

Score

10^/10

purecrypter downloader loader

Malware Config

Extracted

Family

purecrypter

C2

https://cdn.discordapp.com/attachments/1069503522103644191/1069548449265098822/Tnqrgaadbre.dat

Signatures

PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
loader downloader purecrypter

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1052	1660	WerFault.exe	84

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1660	Kzzexzgao.exe

C:\Users\Admin\AppData\Local\Temp\Kzzexzgao.exe
"C:\Users\Admin\AppData\Local\Temp\Kzzexzgao.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1660
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 1972
  2⤵
  - Program crash
  PID:1052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1660 -ip 1660
1⤵
PID:1252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1660-132-0x0000000000CB0000-0x0000000000CB8000-memory.dmp

Filesize
32KB

Download