purecrypter | 8cc440eff0de4c70b4427d2d0332dd8ccbadb36ead79bd1db5bc67b665bd3fe2

Analysis

max time kernel
123s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
22-08-2023 07:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ödeme 31722.exe
Size

19KB
MD5

63d5a76a6fa8e241653df907c8f048e7
SHA1

19d3f1f51eede4e7c9bedd6e3efbdeb39a2c0f55
SHA256

8cc440eff0de4c70b4427d2d0332dd8ccbadb36ead79bd1db5bc67b665bd3fe2
SHA512

a9863593ea942ca5cf257f00bb359e6e00245851ab38a6d8fdd818bf5c8a4760bf6dc6561cab3bfed93774fb5e9b4a183ab051526aaa8c83238d83f80175e6f2
SSDEEP

384:3TXhfwbvS+GPBXaJNM4smfzxmi/f4Fo1Y7rDfA:3dwYP4NMK3aU

Score

10^/10

purecrypter downloader loader

Malware Config

Extracted

Family

purecrypter

https://onedrive.live.com/download?resid=969678C66048EAA5%21285&authkey=!AC3E8HxO1kVosi0

Signatures

PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
loader downloader purecrypter

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tkzorblw.vbs	Ödeme 31722.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3004 set thread context of 4712	3004	Ödeme 31722.exe	91

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4712	MSBuild.exe
4712	MSBuild.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3004	Ödeme 31722.exe
Token: SeDebugPrivilege	4712	MSBuild.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 4712	3004	Ödeme 31722.exe	91
PID 3004 wrote to memory of 4712	3004	Ödeme 31722.exe	91
PID 3004 wrote to memory of 4712	3004	Ödeme 31722.exe	91
PID 3004 wrote to memory of 4712	3004	Ödeme 31722.exe	91
PID 3004 wrote to memory of 4712	3004	Ödeme 31722.exe	91
PID 3004 wrote to memory of 4712	3004	Ödeme 31722.exe	91
PID 3004 wrote to memory of 4712	3004	Ödeme 31722.exe	91
PID 3004 wrote to memory of 4712	3004	Ödeme 31722.exe	91

C:\Users\Admin\AppData\Local\Temp\Ödeme 31722.exe
"C:\Users\Admin\AppData\Local\Temp\Ödeme 31722.exe"
1⤵
- Drops startup file
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3004-134-0x0000000074F70000-0x0000000075720000-memory.dmp

Filesize
7.7MB

Download
memory/3004-133-0x00000000005B0000-0x00000000005BC000-memory.dmp

Filesize
48KB

Download
memory/3004-135-0x0000000005490000-0x0000000005A34000-memory.dmp

Filesize
5.6MB

Download
memory/3004-136-0x0000000004FC0000-0x0000000005052000-memory.dmp

Filesize
584KB

Download
memory/3004-137-0x0000000005170000-0x0000000005180000-memory.dmp

Filesize
64KB

Download
memory/3004-138-0x0000000004F70000-0x0000000004F7A000-memory.dmp

Filesize
40KB

Download
memory/3004-139-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-140-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-142-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-144-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-146-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-148-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-150-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-152-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-154-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-156-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-158-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-160-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-162-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-164-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-166-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-168-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-170-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-172-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-174-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-176-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-178-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-182-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-180-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-184-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-186-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-190-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-188-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-192-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-194-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-196-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-198-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-200-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-202-0x0000000008D60000-0x0000000008E25000-memory.dmp

Filesize
788KB

Download
memory/3004-916-0x0000000074F70000-0x0000000075720000-memory.dmp

Filesize
7.7MB

Download
memory/3004-1216-0x0000000005170000-0x0000000005180000-memory.dmp

Filesize
64KB

Download
memory/3004-1217-0x00000000082E0000-0x00000000082E1000-memory.dmp

Filesize
4KB

Download
memory/3004-1218-0x0000000005170000-0x0000000005180000-memory.dmp

Filesize
64KB

Download
memory/3004-1219-0x0000000005170000-0x0000000005180000-memory.dmp

Filesize
64KB

Download
memory/3004-1226-0x0000000074F70000-0x0000000075720000-memory.dmp

Filesize
7.7MB

Download
memory/4712-1225-0x0000000074F70000-0x0000000075720000-memory.dmp

Filesize
7.7MB

Download
memory/4712-1224-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4712-1227-0x00000000056B0000-0x00000000056C0000-memory.dmp

Filesize
64KB

Download
memory/4712-1228-0x0000000005730000-0x0000000005796000-memory.dmp

Filesize
408KB

Download
memory/4712-1229-0x00000000064F0000-0x0000000006540000-memory.dmp

Filesize
320KB

Download
memory/4712-1230-0x0000000074F70000-0x0000000075720000-memory.dmp

Filesize
7.7MB

Download
memory/4712-1231-0x00000000056B0000-0x00000000056C0000-memory.dmp

Filesize
64KB

Download