Overview

overview

10

Static

static

10

f1abca8d73...c7.exe

windows7-x64

10

f1abca8d73...c7.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    05-04-2023 11:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f1abca8d739cca8a00122dbe15ac461e0b0114451e351c339bec22b585e488c7.exe

  • Size

    93KB

  • MD5

    46933a777b413e9c28c7207134688e72

  • SHA1

    798abea70f227ef181f0b22b05ab4503b0cb86e1

  • SHA256

    f1abca8d739cca8a00122dbe15ac461e0b0114451e351c339bec22b585e488c7

  • SHA512

    de9d02c14ce55f93efe35611541a979f751b4261e71050c86cf88f99957c69d8e17228f63ea68f8f427a7257dcec8e072a9d528742a9a52cad51ffac675618bf

  • SSDEEP

    1536:tZ4ZDtuztig8TxWJA1MxkihCzW9LvMLOkoscI9upQI7PPxB:bqk8TUJA15zqLkLOkoU9uiI7xB

Score
10/10
purecrypterdownloaderloader

Malware Config

Extracted

Family

purecrypter

C2

http://www.acrobat-adobe.com/nmAfUliC/Txkbrexik.dat

Signatures

  • PureCrypter

    PureCrypter is a .NET malware loader first seen in early 2021.

    loaderdownloaderpurecrypter
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f1abca8d739cca8a00122dbe15ac461e0b0114451e351c339bec22b585e488c7.exe
    "C:\Users\Admin\AppData\Local\Temp\f1abca8d739cca8a00122dbe15ac461e0b0114451e351c339bec22b585e488c7.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1952-54-0x0000000000BB0000-0x0000000000BCA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1952-55-0x0000000000B40000-0x0000000000B80000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1952-56-0x0000000000B40000-0x0000000000B80000-memory.dmp

    Filesize

    256KB

    Download