purecrypter | 4134bd82bbea78103d0e32728df856870eaa2c0188b59423115c7d779b2bf83a

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02/02/2023, 10:43

Target

tmp.exe
Size

6KB
MD5

679104fb0479ff61c4b5e4b88f77d94b
SHA1

bfbcb5d48fb4ab25d52e4e1bedf37a4e7a4a3cab
SHA256

4134bd82bbea78103d0e32728df856870eaa2c0188b59423115c7d779b2bf83a
SHA512

7cb36200865267885939956614a7b8603cd16575a3857e0ecc238ff22d296b29bfb208bb11f61f3856278f6b4585afdb2c8456d2f2630f0fbc33fa298df0253e
SSDEEP

192:zU3efq7iEM9gdH98dfQbLE5lF22vjWwID:Q3efq7iEM9gdH98dfgLE5lI2vjlI

Score

10^/10

Family

purecrypter

https://onedrive.live.com/download?cid=A113DD34A0D77810&resid=A113DD34A0D77810%21125&authkey=AIgE8y9D-kUp_qA

PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
loader downloader purecrypter

Program crash 1 IoCs

pid	pid_target	Process	procid_target
672	2024	WerFault.exe	22

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2024	tmp.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 672	2024	tmp.exe	28
PID 2024 wrote to memory of 672	2024	tmp.exe	28
PID 2024 wrote to memory of 672	2024	tmp.exe	28
PID 2024 wrote to memory of 672	2024	tmp.exe	28

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 1732
  2⤵
  - Program crash
  PID:672

memory/2024-54-0x0000000000D90000-0x0000000000D98000-memory.dmp

Filesize
32KB

Download
memory/2024-55-0x00000000760D1000-0x00000000760D3000-memory.dmp

Filesize
8KB

Download