purecrypter | dce05561ae5582a0a5e716dcd273ed4b9359eb5a2fb556d103c63dc75f03622e

Analysis

max time kernel
92s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
26-03-2023 15:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tmp.exe
Size

1.3MB
MD5

7b36da4da4db96852a59a1a428554a55
SHA1

9b5d0528b3f85f54f5aae5305a9f602e0a4ae834
SHA256

dce05561ae5582a0a5e716dcd273ed4b9359eb5a2fb556d103c63dc75f03622e
SHA512

828634d3b27f246ed0988a397cead98c0bd6e9023525e0069cb8e57581d53e7066bc92998c6f8d76c4713b79de8f35ffb28323b5dfec0e0f6fa304217738d5cf
SSDEEP

24576:R+DS4BrH+eG0G+dqeUh80qIMt6RvXWpBtnZ6Nk3:R+DS4BqeI+drIzRPmBtZyk

Score

10^/10

purecrypter downloader loader

Malware Config

Signatures

Detect PureCrypter injector 34 IoCs

loader

resource	yara_rule
behavioral1/memory/1100-55-0x0000000004E50000-0x00000000050CC000-memory.dmp	family_purecrypter
behavioral1/memory/1100-57-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-56-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-59-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-61-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-64-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-66-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-68-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-70-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-72-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-74-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-76-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-78-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-80-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-82-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-84-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-86-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-88-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-90-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-92-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-94-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-96-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-98-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-100-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-102-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-104-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-106-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-108-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-110-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-112-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-114-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-116-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-118-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter
behavioral1/memory/1100-120-0x0000000004E50000-0x00000000050C6000-memory.dmp	family_purecrypter

PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
loader downloader purecrypter

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1100	tmp.exe

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1100-54-0x0000000001350000-0x0000000001498000-memory.dmp

Filesize
1.3MB

Download
memory/1100-55-0x0000000004E50000-0x00000000050CC000-memory.dmp

Filesize
2.5MB

Download
memory/1100-57-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-56-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-59-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-61-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-64-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-63-0x0000000001290000-0x00000000012D0000-memory.dmp

Filesize
256KB

Download
memory/1100-66-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-68-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-70-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-72-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-74-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-76-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-78-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-80-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-82-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-84-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-86-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-88-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-90-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-92-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-94-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-96-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-98-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-100-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-102-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-104-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-106-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-108-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-110-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-112-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-114-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-116-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-118-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-120-0x0000000004E50000-0x00000000050C6000-memory.dmp

Filesize
2.5MB

Download
memory/1100-585-0x0000000001290000-0x00000000012D0000-memory.dmp

Filesize
256KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads