Malware Analysis Report

2024-11-30 21:48

Sample ID 230210-aqr52afc43
Target a824d18b02ec70f3e1d8a976243e45eec0ee05d0997ae4784c5fee30ff54d721
SHA256 a824d18b02ec70f3e1d8a976243e45eec0ee05d0997ae4784c5fee30ff54d721
Tags
purecrypter downloader loader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a824d18b02ec70f3e1d8a976243e45eec0ee05d0997ae4784c5fee30ff54d721

Threat Level: Known bad

The file a824d18b02ec70f3e1d8a976243e45eec0ee05d0997ae4784c5fee30ff54d721 was found to be: Known bad.

Malicious Activity Summary

purecrypter downloader loader

Purecrypter family

PureCrypter

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-02-10 00:25

Signatures

Purecrypter family

purecrypter

Analysis: behavioral1

Detonation Overview

Submitted

2023-02-10 00:25

Reported

2023-02-10 00:28

Platform

win7-20220812-en

Max time kernel

124s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a824d18b02ec70f3e1d8a976243e45eec0ee05d0997ae4784c5fee30ff54d721.exe"

Signatures

PureCrypter

loader downloader purecrypter

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\a824d18b02ec70f3e1d8a976243e45eec0ee05d0997ae4784c5fee30ff54d721.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a824d18b02ec70f3e1d8a976243e45eec0ee05d0997ae4784c5fee30ff54d721.exe

"C:\Users\Admin\AppData\Local\Temp\a824d18b02ec70f3e1d8a976243e45eec0ee05d0997ae4784c5fee30ff54d721.exe"

Network

Country Destination Domain Proto
RU 80.66.75.36:80 80.66.75.36 tcp

Files

memory/1728-54-0x0000000000D60000-0x0000000000D68000-memory.dmp

memory/1728-55-0x0000000075DA1000-0x0000000075DA3000-memory.dmp

memory/1728-56-0x0000000004BF5000-0x0000000004C06000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-02-10 00:25

Reported

2023-02-10 00:29

Platform

win10v2004-20221111-en

Max time kernel

176s

Max time network

192s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a824d18b02ec70f3e1d8a976243e45eec0ee05d0997ae4784c5fee30ff54d721.exe"

Signatures

PureCrypter

loader downloader purecrypter

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\a824d18b02ec70f3e1d8a976243e45eec0ee05d0997ae4784c5fee30ff54d721.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\a824d18b02ec70f3e1d8a976243e45eec0ee05d0997ae4784c5fee30ff54d721.exe

"C:\Users\Admin\AppData\Local\Temp\a824d18b02ec70f3e1d8a976243e45eec0ee05d0997ae4784c5fee30ff54d721.exe"

Network

Country Destination Domain Proto
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
US 52.182.143.208:443 tcp
RU 80.66.75.36:80 80.66.75.36 tcp
US 93.184.221.240:80 tcp
US 93.184.221.240:80 tcp
US 8.8.8.8:53 14.110.152.52.in-addr.arpa udp
US 8.8.8.8:53 a.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa udp

Files

memory/4892-132-0x00000000004B0000-0x00000000004B8000-memory.dmp

memory/4892-133-0x0000000005420000-0x00000000059C4000-memory.dmp

memory/4892-134-0x0000000004E70000-0x0000000004F02000-memory.dmp

memory/4892-135-0x0000000004F10000-0x0000000004F1A000-memory.dmp