purecrypter | 780b6ba7fa2126b7f172c23c31474b2eedbd2ac9cd0018c5763f77213995a56b

Analysis

max time kernel
36s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-02-2023 09:23

Target

ID180717.exe
Size

5KB
MD5

7339a847d0f1ca1691330101fc02d5bf
SHA1

35782cd13a72166a37f77e505f69ee20921d7759
SHA256

780b6ba7fa2126b7f172c23c31474b2eedbd2ac9cd0018c5763f77213995a56b
SHA512

0f7974a6211f95b84a75a0681c3076df543756a19fb1ec5999049f4dff64ba0d4af622a9efa944ae1f70845bc439f666cdc867be18a06dd36c09ec208f0b9885
SSDEEP

48:6uwuF4FM1qnXGSsThsfATgQpXVKPYMIjLIMJMQGAg4MGR7P7XencMsdqBHtitiOv:uWIXbseoTg09dZGAl9P7XgGksnUBzNt

Score

10^/10

Family

purecrypter

https://carlcederlaw.com/thh/Uzsggeh.dat

PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
loader downloader purecrypter

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1800	1260	WerFault.exe	26

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1260	ID180717.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1260 wrote to memory of 1800	1260	ID180717.exe	27
PID 1260 wrote to memory of 1800	1260	ID180717.exe	27
PID 1260 wrote to memory of 1800	1260	ID180717.exe	27
PID 1260 wrote to memory of 1800	1260	ID180717.exe	27

C:\Users\Admin\AppData\Local\Temp\ID180717.exe
"C:\Users\Admin\AppData\Local\Temp\ID180717.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1260
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 1728
  2⤵
  - Program crash
  PID:1800

memory/1260-54-0x00000000009C0000-0x00000000009C8000-memory.dmp

Filesize
32KB

Download
memory/1260-55-0x0000000075AD1000-0x0000000075AD3000-memory.dmp

Filesize
8KB

Download