purecrypter | 8650dcaece1489d98b7f6782ae638de33797f2a1018f949ec270054f0893aea0

Analysis

max time kernel
30s
max time network
36s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02-02-2023 17:15

Target

tmp.exe
Size

6KB
MD5

48a13c217c965ed66e5d6c018b89217b
SHA1

2d8b62d02c73e7e2fc367fc64b51350564c7acb4
SHA256

8650dcaece1489d98b7f6782ae638de33797f2a1018f949ec270054f0893aea0
SHA512

b0e5556ad36a74ddfbbbfcd94f04635a614bc70d159aaab8fb540ecd0d823e14c2ed8687b95943cd992b434c37c9bfaa04db79c62f9d654b85616f45d275802a
SSDEEP

96:4rs7rOMGPGDupbGL7g8y23I6mUUWH78kVl6l2xzNt:oKrsPGDupKL7nNhVlk2T

Score

10^/10

Family

purecrypter

https://onedrive.live.com/download?cid=A113DD34A0D77810&resid=A113DD34A0D77810%21121&authkey=APUVM8ZXD6Jpjd0

PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
loader downloader purecrypter

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1600	1336	WerFault.exe	19

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1336	tmp.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1336 wrote to memory of 1600	1336	tmp.exe	28
PID 1336 wrote to memory of 1600	1336	tmp.exe	28
PID 1336 wrote to memory of 1600	1336	tmp.exe	28
PID 1336 wrote to memory of 1600	1336	tmp.exe	28

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1336
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 1780
  2⤵
  - Program crash
  PID:1600

memory/1336-54-0x0000000000B00000-0x0000000000B08000-memory.dmp

Filesize
32KB

Download
memory/1336-55-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download