purecrypter | 7529970855e64a5bef4c31b4670348e21810c56ccc1bfaba8ddfd50cf483b863

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-01-2024 13:38

Target

6c109d098a1f44017f3937a71628d9dbd4d2ca8aa266656ee4720c37cc31558e.exe
Size

34KB
MD5

67fd732ee69588cb09b316346bc61ee1
SHA1

f40f54c139277019cf58ef57469af6794bed7e94
SHA256

6c109d098a1f44017f3937a71628d9dbd4d2ca8aa266656ee4720c37cc31558e
SHA512

7ac8e75dad8145c99e5cfa5581d4044bbdb69a86e51102f32625f491ece716484a8e3b4a6d6dfd5d541ebb11eaaa4f19aaeaa6624eaef8ba3defa41c5544863b
SSDEEP

768:tJ1Y2317XpwE3sKfkCbJokUP/W1BqpBo/P6:tJ1N71D6xP/WLq8P6

Score

10^/10

Family

purecrypter

http://80.66.75.116/Kkxdfj.dll

PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
loader downloader purecrypter

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2988	2536	WerFault.exe	27

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2536	6c109d098a1f44017f3937a71628d9dbd4d2ca8aa266656ee4720c37cc31558e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 2988	2536	6c109d098a1f44017f3937a71628d9dbd4d2ca8aa266656ee4720c37cc31558e.exe	30
PID 2536 wrote to memory of 2988	2536	6c109d098a1f44017f3937a71628d9dbd4d2ca8aa266656ee4720c37cc31558e.exe	30
PID 2536 wrote to memory of 2988	2536	6c109d098a1f44017f3937a71628d9dbd4d2ca8aa266656ee4720c37cc31558e.exe	30
PID 2536 wrote to memory of 2988	2536	6c109d098a1f44017f3937a71628d9dbd4d2ca8aa266656ee4720c37cc31558e.exe	30

C:\Users\Admin\AppData\Local\Temp\6c109d098a1f44017f3937a71628d9dbd4d2ca8aa266656ee4720c37cc31558e.exe
"C:\Users\Admin\AppData\Local\Temp\6c109d098a1f44017f3937a71628d9dbd4d2ca8aa266656ee4720c37cc31558e.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 864
  2⤵
  - Program crash
  PID:2988

memory/2536-0-0x0000000000980000-0x000000000098E000-memory.dmp

Filesize
56KB

Download
memory/2536-1-0x0000000074270000-0x000000007495E000-memory.dmp

Filesize
6.9MB

Download
memory/2536-2-0x0000000004460000-0x00000000044A0000-memory.dmp

Filesize
256KB

Download
memory/2536-3-0x0000000074270000-0x000000007495E000-memory.dmp

Filesize
6.9MB

Download
memory/2536-4-0x0000000004460000-0x00000000044A0000-memory.dmp

Filesize
256KB

Download