purecrypter | 13df95cc4f92ffd056e353d26493f69b53667970de247808b7f1e2de95dae364 | Triage

Analysis

max time kernel
147s
max time network
153s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
23-02-2023 21:49

Sharing

Report Analysis Logs

General

Target

tmp.exe
Size

7KB
MD5

45cd89fa28924bd2390d6948d1ee11f6
SHA1

75110b387762c2f59116fef0709d2a5d23e13c2d
SHA256

13df95cc4f92ffd056e353d26493f69b53667970de247808b7f1e2de95dae364
SHA512

1e24fb83b702eb66f5d4fe8df2ff761d42c5fb44ff7bca0342a9d0b0055f0493b6e1b0686d733878ee6172ff73ab64d50750a0f2f88822a77f088e4c0f0fc6d9
SSDEEP

96:UoFQgbeMBVLPCyWUyxtL9UvpvR5IMvW+7f7LEkQWQQCjzNt:UoFhyMfyxtL+tfhvfLtZQpl

Score

10^/10

purecrypter downloader loader

Malware Config

Extracted

Family

purecrypter

C2

https://naadhira.store/panel/uploads/services_Cuepxqhr.jpg

Signatures

PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
loader downloader purecrypter

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1376	tmp.exe

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1376-54-0x0000000000AA0000-0x0000000000AA8000-memory.dmp

Filesize
32KB

Download
memory/1376-55-0x0000000000760000-0x00000000007A0000-memory.dmp

Filesize
256KB

Download