purecrypter | e18cf6502122b168dac6c932cd89739e313154ee9b73d6ddd692d4ad990aceb0 | Triage

Resubmissions

17-04-2023 11:35

230417-nqbpyadh76 10

23-02-2023 15:13

230223-slr9caab3w 10

Analysis

max time kernel
300s
max time network
304s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2023 11:35

Sharing

Report Analysis Logs

General

Target

tmp.exe
Size

25KB
MD5

30b5426ee9183f43fba9a8a6b6b32b97
SHA1

d0b8cde6d8c38e294ce6275b0f935677b07d2202
SHA256

e18cf6502122b168dac6c932cd89739e313154ee9b73d6ddd692d4ad990aceb0
SHA512

adef79c0748b1e8c274f93879c1c068e0d54b88de94fbb01d4d51bd222a6493f8d2cc68f53adab5407bd59249dfa2fdbc8f511bbec3613772591b0ea4d79afaf
SSDEEP

96:jFQgbeIBVLyrgoJ/sTfNILBevmXR5MMRWnwLoLEk8LfjNiRB4e3T3ew5tvEzNt:jFhyIaUo/sTfNILwEfdRTLat8LLGTvu

Score

10^/10

purecrypter downloader loader

Malware Config

Extracted

Family

purecrypter

C2

http://argentum.com.br/well-known/acme-challenge/k/h/d/g/Pjogwzrhh.bmp

Signatures

PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
loader downloader purecrypter

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3116	tmp.exe

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3116-133-0x0000000000FF0000-0x0000000000FFC000-memory.dmp

Filesize
48KB

Download
memory/3116-134-0x0000000005AC0000-0x0000000005AD0000-memory.dmp

Filesize
64KB

Download
memory/3116-135-0x0000000005AC0000-0x0000000005AD0000-memory.dmp

Filesize
64KB

Download