purecrypter | abccee4556d532981bd1a3a36b92e9563c880eb93517ba677417741dbafe302a

Analysis

max time kernel
91s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06-02-2023 07:25

Target

0x000400000001e68a-147.exe
Size

24KB
MD5

7d046ce10b24412f4506c433cfe0747d
SHA1

5a96afd11e493c5eddd1f335e7228868d666c787
SHA256

abccee4556d532981bd1a3a36b92e9563c880eb93517ba677417741dbafe302a
SHA512

03e78a3113526b6fd29e8379390c01b0fd6407aa55b96ffce331b2da780305bc43710a92649b3db617d2a26186db663f2816f8e47bb3955257625971d751d4f9
SSDEEP

96:Mmc26NAcJs979+IlucMLG0eRJNlCWonD8JNQmkTKNiRB4e3T3eNo005brzNt:MfJ3IkIQLGLXaWtYTKrj+J

Score

10^/10

Family

purecrypter

http://modeloartesanatos.com.br/wp-admin/images/Zqchb.bmp

PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
loader downloader purecrypter

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1348	3632	WerFault.exe	64

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3632	0x000400000001e68a-147.exe

C:\Users\Admin\AppData\Local\Temp\0x000400000001e68a-147.exe
"C:\Users\Admin\AppData\Local\Temp\0x000400000001e68a-147.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3632
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 1696
  2⤵
  - Program crash
  PID:1348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 3632 -ip 3632
1⤵
PID:1376

memory/3632-132-0x00000000001A0000-0x00000000001AC000-memory.dmp

Filesize
48KB

Download