purecrypter | 42557243c9b25077fccc14a639ddaf1d95f14924f7d72323b0b309d012ef558a

Resubmissions

15-08-2023 00:54

230815-a87nfagb22 10

Analysis

max time kernel
53s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
15-08-2023 00:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

main.exe
Size

84KB
MD5

049875a9df6e7f325cdb8f8c8f28122b
SHA1

a59be953046a40e80d3e24dffb819f45c93967e3
SHA256

42557243c9b25077fccc14a639ddaf1d95f14924f7d72323b0b309d012ef558a
SHA512

68c1d66c3caa40a210c973fb9fc6bb05f1261778501391c18f4c01a44fc4225ec4e3c22816b3a09ab686bea307aee14b84c49ace248206e289dd3d0d98511782
SSDEEP

768:37d0yO4PrqefHHIKwW8X8hD/lL0WpWEtReGbCG/ltdJ:3u4PFhLZ0EtRe4CG/3dJ

Score

10^/10

purecrypter downloader loader

Malware Config

Extracted

Family

purecrypter

https://files.catbox.moe/oe71uc.mp4

Signatures

PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
loader downloader purecrypter

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2844	main.exe
Token: SeDebugPrivilege	1668	main.exe
Token: SeDebugPrivilege	4688	main.exe
Token: SeDebugPrivilege	3364	main.exe
Token: SeDebugPrivilege	3000	main.exe
Token: SeDebugPrivilege	4020	main.exe

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2844

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1668

C:\Users\Admin\Desktop\main.exe
"C:\Users\Admin\Desktop\main.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4688

C:\Users\Admin\Desktop\main.exe
"C:\Users\Admin\Desktop\main.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3364

C:\Users\Admin\Desktop\main.exe
"C:\Users\Admin\Desktop\main.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3000

C:\Users\Admin\Desktop\main.exe
"C:\Users\Admin\Desktop\main.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4020

C:\Users\Admin\Desktop\main.exe
"C:\Users\Admin\Desktop\main.exe"
1⤵
PID:1100

C:\Users\Admin\Desktop\main.exe
"C:\Users\Admin\Desktop\main.exe"
1⤵
PID:3372

C:\Users\Admin\Desktop\main.exe
"C:\Users\Admin\Desktop\main.exe"
1⤵
PID:4276

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
PID:2464

C:\Users\Admin\Desktop\main.exe
"C:\Users\Admin\Desktop\main.exe"
1⤵
PID:780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/780-1171-0x00007FFC0A060000-0x00007FFC0AB21000-memory.dmp

Filesize
10.8MB

Download
memory/1100-554-0x0000026643E20000-0x0000026643E30000-memory.dmp

Filesize
64KB

Download
memory/1100-535-0x00007FFC0A060000-0x00007FFC0AB21000-memory.dmp

Filesize
10.8MB

Download
memory/1100-375-0x0000026643E20000-0x0000026643E30000-memory.dmp

Filesize
64KB

Download
memory/1100-370-0x00007FFC0A060000-0x00007FFC0AB21000-memory.dmp

Filesize
10.8MB

Download
memory/1668-141-0x0000023040AE0000-0x0000023040AF0000-memory.dmp

Filesize
64KB

Download
memory/1668-138-0x00007FFC0A060000-0x00007FFC0AB21000-memory.dmp

Filesize
10.8MB

Download
memory/1668-139-0x00007FFC0A060000-0x00007FFC0AB21000-memory.dmp

Filesize
10.8MB

Download
memory/2844-144-0x000001E71B1C0000-0x000001E71B939000-memory.dmp

Filesize
7.5MB

Download
memory/2844-193-0x000001E71B1C0000-0x000001E71B939000-memory.dmp

Filesize
7.5MB

Download
memory/2844-143-0x000001E71B1C0000-0x000001E71B939000-memory.dmp

Filesize
7.5MB

Download
memory/2844-133-0x000001E77FB30000-0x000001E77FB4A000-memory.dmp

Filesize
104KB

Download
memory/2844-146-0x000001E71B1C0000-0x000001E71B939000-memory.dmp

Filesize
7.5MB

Download
memory/2844-134-0x00007FFC0A060000-0x00007FFC0AB21000-memory.dmp

Filesize
10.8MB

Download
memory/2844-149-0x000001E71B1C0000-0x000001E71B939000-memory.dmp

Filesize
7.5MB

Download
memory/2844-155-0x000001E71B1C0000-0x000001E71B939000-memory.dmp

Filesize
7.5MB

Download
memory/2844-160-0x000001E71B1C0000-0x000001E71B939000-memory.dmp

Filesize
7.5MB

Download
memory/2844-136-0x00007FFC0A060000-0x00007FFC0AB21000-memory.dmp

Filesize
10.8MB

Download
memory/2844-167-0x000001E71B1C0000-0x000001E71B939000-memory.dmp

Filesize
7.5MB

Download
memory/2844-212-0x000001E71B1C0000-0x000001E71B939000-memory.dmp

Filesize
7.5MB

Download
memory/2844-174-0x000001E71B1C0000-0x000001E71B939000-memory.dmp

Filesize
7.5MB

Download
memory/2844-135-0x000001E71A300000-0x000001E71A310000-memory.dmp

Filesize
64KB

Download
memory/2844-181-0x000001E71B1C0000-0x000001E71B939000-memory.dmp

Filesize
7.5MB

Download
memory/2844-187-0x000001E71B1C0000-0x000001E71B939000-memory.dmp

Filesize
7.5MB

Download
memory/2844-137-0x000001E71A300000-0x000001E71A310000-memory.dmp

Filesize
64KB

Download
memory/2844-201-0x000001E71B1C0000-0x000001E71B939000-memory.dmp

Filesize
7.5MB

Download
memory/3000-173-0x00007FFC0A060000-0x00007FFC0AB21000-memory.dmp

Filesize
10.8MB

Download
memory/3000-277-0x00007FFC0A060000-0x00007FFC0AB21000-memory.dmp

Filesize
10.8MB

Download
memory/3364-202-0x000001EC6DBA0000-0x000001EC6DBB0000-memory.dmp

Filesize
64KB

Download
memory/3364-179-0x00007FFC0A060000-0x00007FFC0AB21000-memory.dmp

Filesize
10.8MB

Download
memory/3364-142-0x00007FFC0A060000-0x00007FFC0AB21000-memory.dmp

Filesize
10.8MB

Download
memory/3372-631-0x00007FFC0A060000-0x00007FFC0AB21000-memory.dmp

Filesize
10.8MB

Download
memory/3372-649-0x00000207FA4A0000-0x00000207FA4B0000-memory.dmp

Filesize
64KB

Download
memory/3372-806-0x00000207FA4A0000-0x00000207FA4B0000-memory.dmp

Filesize
64KB

Download
memory/3372-778-0x00007FFC0A060000-0x00007FFC0AB21000-memory.dmp

Filesize
10.8MB

Download
memory/4020-210-0x00007FFC0A060000-0x00007FFC0AB21000-memory.dmp

Filesize
10.8MB

Download
memory/4020-323-0x00007FFC0A060000-0x00007FFC0AB21000-memory.dmp

Filesize
10.8MB

Download
memory/4020-350-0x000001904ADC0000-0x000001904ADD0000-memory.dmp

Filesize
64KB

Download
memory/4276-686-0x00007FFC0A060000-0x00007FFC0AB21000-memory.dmp

Filesize
10.8MB

Download
memory/4276-690-0x000001B8D5830000-0x000001B8D5840000-memory.dmp

Filesize
64KB

Download
memory/4276-829-0x00007FFC0A060000-0x00007FFC0AB21000-memory.dmp

Filesize
10.8MB

Download
memory/4276-859-0x000001B8D5830000-0x000001B8D5840000-memory.dmp

Filesize
64KB

Download
memory/4688-166-0x0000028DF8420000-0x0000028DF8430000-memory.dmp

Filesize
64KB

Download
memory/4688-140-0x00007FFC0A060000-0x00007FFC0AB21000-memory.dmp

Filesize
10.8MB

Download
memory/4688-147-0x00007FFC0A060000-0x00007FFC0AB21000-memory.dmp

Filesize
10.8MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads