purecrypter | 8650dcaece1489d98b7f6782ae638de33797f2a1018f949ec270054f0893aea0

Analysis

max time kernel
42s
max time network
136s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-02-2023 10:50

Target

tmp.exe
Size

6KB
MD5

48a13c217c965ed66e5d6c018b89217b
SHA1

2d8b62d02c73e7e2fc367fc64b51350564c7acb4
SHA256

8650dcaece1489d98b7f6782ae638de33797f2a1018f949ec270054f0893aea0
SHA512

b0e5556ad36a74ddfbbbfcd94f04635a614bc70d159aaab8fb540ecd0d823e14c2ed8687b95943cd992b434c37c9bfaa04db79c62f9d654b85616f45d275802a
SSDEEP

96:4rs7rOMGPGDupbGL7g8y23I6mUUWH78kVl6l2xzNt:oKrsPGDupKL7nNhVlk2T

Score

10^/10

Family

purecrypter

https://onedrive.live.com/download?cid=A113DD34A0D77810&resid=A113DD34A0D77810%21121&authkey=APUVM8ZXD6Jpjd0

PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
loader downloader purecrypter

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1720	1968	WerFault.exe	26

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1968	tmp.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 1720	1968	tmp.exe	27
PID 1968 wrote to memory of 1720	1968	tmp.exe	27
PID 1968 wrote to memory of 1720	1968	tmp.exe	27
PID 1968 wrote to memory of 1720	1968	tmp.exe	27

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 1756
  2⤵
  - Program crash
  PID:1720

memory/1968-54-0x0000000001030000-0x0000000001038000-memory.dmp

Filesize
32KB

Download
memory/1968-55-0x0000000075141000-0x0000000075143000-memory.dmp

Filesize
8KB

Download