purecrypter | 868236b1d2af78d95d70b48ecbaff46082e9e268693300e4fcc367ed78e90893

Analysis

max time kernel
70s
max time network
63s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
13-08-2023 20:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fn Cheetos(2)/main.exe
Size

84KB
MD5

049875a9df6e7f325cdb8f8c8f28122b
SHA1

a59be953046a40e80d3e24dffb819f45c93967e3
SHA256

42557243c9b25077fccc14a639ddaf1d95f14924f7d72323b0b309d012ef558a
SHA512

68c1d66c3caa40a210c973fb9fc6bb05f1261778501391c18f4c01a44fc4225ec4e3c22816b3a09ab686bea307aee14b84c49ace248206e289dd3d0d98511782
SSDEEP

768:37d0yO4PrqefHHIKwW8X8hD/lL0WpWEtReGbCG/ltdJ:3u4PFhLZ0EtRe4CG/3dJ

Score

10^/10

purecrypter downloader loader

Malware Config

Extracted

Family

purecrypter

https://files.catbox.moe/oe71uc.mp4

Signatures

PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
loader downloader purecrypter

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2956 set thread context of 1336	2956	main.exe	70

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2956	main.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 1336	2956	main.exe	70
PID 2956 wrote to memory of 1336	2956	main.exe	70
PID 2956 wrote to memory of 1336	2956	main.exe	70
PID 2956 wrote to memory of 1336	2956	main.exe	70
PID 2956 wrote to memory of 1336	2956	main.exe	70
PID 2956 wrote to memory of 1336	2956	main.exe	70
PID 2956 wrote to memory of 1336	2956	main.exe	70
PID 2956 wrote to memory of 1336	2956	main.exe	70
PID 2956 wrote to memory of 1336	2956	main.exe	70
PID 2956 wrote to memory of 1336	2956	main.exe	70
PID 2956 wrote to memory of 1336	2956	main.exe	70
PID 2956 wrote to memory of 1336	2956	main.exe	70
PID 2956 wrote to memory of 1336	2956	main.exe	70
PID 2956 wrote to memory of 1336	2956	main.exe	70
PID 2956 wrote to memory of 1336	2956	main.exe	70

C:\Users\Admin\AppData\Local\Temp\Fn Cheetos(2)\main.exe
"C:\Users\Admin\AppData\Local\Temp\Fn Cheetos(2)\main.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Users\Admin\AppData\Local\Temp\Fn Cheetos(2)\main.exe
  "C:\Users\Admin\AppData\Local\Temp\Fn Cheetos(2)\main.exe"
  2⤵
  PID:1336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1336-1207-0x0000000140000000-0x00000001409E4000-memory.dmp

Filesize
9.9MB

Download
memory/2956-155-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-121-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-120-0x000001CA75240000-0x000001CA759C0000-memory.dmp

Filesize
7.5MB

Download
memory/2956-117-0x000001CA59D50000-0x000001CA59D6A000-memory.dmp

Filesize
104KB

Download
memory/2956-122-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-124-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-126-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-128-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-130-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-132-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-134-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-136-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-138-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-140-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-142-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-157-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-146-0x00007FFB75EB0000-0x00007FFB7689C000-memory.dmp

Filesize
9.9MB

Download
memory/2956-147-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-149-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-151-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-1206-0x00007FFB75EB0000-0x00007FFB7689C000-memory.dmp

Filesize
9.9MB

Download
memory/2956-119-0x000001CA74470000-0x000001CA74480000-memory.dmp

Filesize
64KB

Download
memory/2956-144-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-159-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-161-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-163-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-165-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-167-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-169-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-172-0x000001CA74470000-0x000001CA74480000-memory.dmp

Filesize
64KB

Download
memory/2956-171-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-174-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-176-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-178-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-180-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-182-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-184-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-186-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-1199-0x000001CA74280000-0x000001CA74281000-memory.dmp

Filesize
4KB

Download
memory/2956-1200-0x000001CA759C0000-0x000001CA760BA000-memory.dmp

Filesize
7.0MB

Download
memory/2956-1201-0x000001CA74420000-0x000001CA7446C000-memory.dmp

Filesize
304KB

Download
memory/2956-153-0x000001CA75240000-0x000001CA759B9000-memory.dmp

Filesize
7.5MB

Download
memory/2956-118-0x00007FFB75EB0000-0x00007FFB7689C000-memory.dmp

Filesize
9.9MB

Download