Overview

overview

10

Static

static

10

cf6f2f6fd2...6c.exe

windows7-x64

10

cf6f2f6fd2...6c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    96s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/03/2023, 05:47

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    cf6f2f6fd2c10a069000d167b411436c.exe

  • Size

    15KB

  • MD5

    cf6f2f6fd2c10a069000d167b411436c

  • SHA1

    ae635338bba2673debcf2b0f1113471637501a11

  • SHA256

    034a1dfbf4a48be349bb1da32f5ce96bf0719cdad33508fbd13e1ca67d3852b7

  • SHA512

    c7448c689f0d41782c5cbfdaa7fcc22404efcd12e5be5890d12b79c28f3cd02844eb6470ac67333f117242d471dd32341b1ebd5b0e75bc8a1b96eb46c72e8828

  • SSDEEP

    192:UUaOTYEveSX5KHl0lZF1DvqKK5yqAq/m9GIhRCMGNMlT1yL+nLL4a:YOTBBX4F0lZFpSKUs/IlP+n/4

Score
10/10
purecrypterdownloaderloader

Malware Config

Extracted

Family

purecrypter

C2

http://104.168.45.20/Bepvztnul.bmp

Signatures

  • PureCrypter

    PureCrypter is a .NET malware loader first seen in early 2021.

    loaderdownloaderpurecrypter
  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cf6f2f6fd2c10a069000d167b411436c.exe
    "C:\Users\Admin\AppData\Local\Temp\cf6f2f6fd2c10a069000d167b411436c.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1208
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 1424
      2⤵
      • Program crash
      PID:1904
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1208 -ip 1208
    1⤵
      PID:5080

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/1208-133-0x0000000000490000-0x000000000049A000-memory.dmp

            Filesize

            40KB

            Download

          • memory/1208-134-0x00000000053E0000-0x0000000005984000-memory.dmp

            Filesize

            5.6MB

            Download

          • memory/1208-135-0x0000000004ED0000-0x0000000004F62000-memory.dmp

            Filesize

            584KB

            Download

          • memory/1208-136-0x00000000050C0000-0x00000000050D0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1208-137-0x00000000050C0000-0x00000000050D0000-memory.dmp

            Filesize

            64KB

            Download