Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    15-03-2024 08:12

General

  • Target

    1C24TTC_00000020.exe

  • Size

    409KB

  • MD5

    a64f48e05fc7d21131ee7f86181413b0

  • SHA1

    5f34901b97296aa07e210810bbf75269a2701113

  • SHA256

    f5872c6b688de34eb008a355b6d2106c2a3260f44df4747fb4eaeb26beedde08

  • SHA512

    af4c41f4d6da19ef88b037ba8498057e5bff7460b4c7abc604652898ed775dc547e06627618d422e6f3396b7dbb6a9388f5db46c56d08dabf02b3df5e5355ff4

  • SSDEEP

    1536:jxGspx6tjTBchm0hOrtHhYJu6RlXKd+8kGoY5arTKyAWNHRjmz+4H444lM:1LUzAetBeW+8kGP5arTKyjxh4H444lM
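
Before acting on the identifiers above (blocking, hunting, sharing), it is worth confirming that a file in hand really is the sample this report describes, and that the hashes were copied without transcription errors. The following Python is an added example, not part of the original report or any tool's own code; it embeds the digests and size listed in the General section and checks a byte string or file against them (SSDEEP is left out because hashlib cannot compute it):

```python
import hashlib
from typing import Dict, Iterable

# Digests and size copied from the General section of this report for 1C24TTC_00000020.exe.
REPORT_HASHES = {
    "md5": "a64f48e05fc7d21131ee7f86181413b0",
    "sha1": "5f34901b97296aa07e210810bbf75269a2701113",
    "sha256": "f5872c6b688de34eb008a355b6d2106c2a3260f44df4747fb4eaeb26beedde08",
    "sha512": "af4c41f4d6da19ef88b037ba8498057e5bff7460b4c7abc604652898ed775dc5"
              "47e06627618d422e6f3396b7dbb6a9388f5db46c56d08dabf02b3df5e5355ff4",
}
REPORT_SIZE_KB = 409


def validate_hash_strings(report: Dict[str, str]) -> Dict[str, str]:
    """Catch transcription errors before comparing: each value must be hex of the algorithm's digest length."""
    problems = {}
    for algo, value in report.items():
        expected_len = hashlib.new(algo).digest_size * 2
        if len(value) != expected_len:
            problems[algo] = f"expected {expected_len} hex chars, got {len(value)}"
        elif any(c not in "0123456789abcdefABCDEF" for c in value):
            problems[algo] = "non-hex character"
    return problems


def digests(data: bytes, algos: Iterable[str]) -> Dict[str, str]:
    """Hex digests of an in-memory buffer for every named algorithm."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in algos}


def digest_file(path: str, algos: Iterable[str], chunk: int = 1 << 20) -> Dict[str, str]:
    """Same as digests() but streams the file, so large samples are not read into memory at once."""
    hashers = {algo: hashlib.new(algo) for algo in algos}
    with open(path, "rb") as f:
        while True:
            buf = f.read(chunk)
            if not buf:
                break
            for h in hashers.values():
                h.update(buf)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def compare_to_report(data: bytes, report: Dict[str, str] = REPORT_HASHES,
                      size_kb: int = REPORT_SIZE_KB) -> Dict[str, bool]:
    """Per-algorithm match flags plus a coarse size check (the report rounds to whole KB)."""
    got = digests(data, report)
    result = {algo: got[algo] == expected.lower() for algo, expected in report.items()}
    result["size"] = round(len(data) / 1024) == size_kb
    return result


def is_reported_sample(data: bytes, report: Dict[str, str] = REPORT_HASHES) -> bool:
    """All digests must agree; a single mismatch means a different file (or a mis-copied hash)."""
    flags = compare_to_report(data, report)
    return all(flags[algo] for algo in report)


if __name__ == "__main__":
    # Usage against a local copy of the sample (path is a placeholder, not from the report).
    problems = validate_hash_strings(REPORT_HASHES)
    print("report hashes well-formed:", not problems, problems)
    # print(digest_file("1C24TTC_00000020.exe", REPORT_HASHES) == {k: v.lower() for k, v in REPORT_HASHES.items()})
```

A partial match (say MD5 and SHA1 agree but SHA256 does not) should be treated as a mis-copied hash rather than a near-match; the function therefore requires every digest to agree.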

Score
10/10

Malware Config

Signatures

  • PureLog Stealer

    PureLog Stealer is an infostealer written in C#.

  • PureLog Stealer payload 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1C24TTC_00000020.exe
    "C:\Users\Admin\AppData\Local\Temp\1C24TTC_00000020.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2204

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2204-0-0x0000000000BC0000-0x0000000000C2C000-memory.dmp

    Filesize

    432KB

  • memory/2204-1-0x0000000074010000-0x00000000746FE000-memory.dmp

    Filesize

    6.9MB

  • memory/2204-2-0x0000000000500000-0x0000000000540000-memory.dmp

    Filesize

    256KB

  • memory/2204-3-0x00000000003E0000-0x00000000003E6000-memory.dmp

    Filesize

    24KB

  • memory/2204-4-0x0000000074010000-0x00000000746FE000-memory.dmp

    Filesize

    6.9MB

  • memory/2204-5-0x0000000000500000-0x0000000000540000-memory.dmp

    Filesize

    256KB
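
The dump names above encode the process ID, a running index and the start and end address of the dumped range, and the listed sizes follow from the address ranges (0xC2C000 - 0xBC0000 = 0x6C000 = 432KB). Two of the ranges (0x74010000-0x746FE000 and 0x00500000-0x00540000) appear twice, so the sandbox dumped them more than once. The following Python is an added example, not code from the original report or from the sandbox; it assumes the naming scheme memory/<pid>-<index>-<start>-<end>-memory.dmp as seen above, parses the names, recomputes the sizes, and maps an arbitrary address back to the dump that covers it:

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Dump names and the sizes reported for them on this page (pid 2204),
# constructed here from the report's Downloads section.
DUMP_NAMES = [
    "memory/2204-0-0x0000000000BC0000-0x0000000000C2C000-memory.dmp",
    "memory/2204-1-0x0000000074010000-0x00000000746FE000-memory.dmp",
    "memory/2204-2-0x0000000000500000-0x0000000000540000-memory.dmp",
    "memory/2204-3-0x00000000003E0000-0x00000000003E6000-memory.dmp",
    "memory/2204-4-0x0000000074010000-0x00000000746FE000-memory.dmp",
    "memory/2204-5-0x0000000000500000-0x0000000000540000-memory.dmp",
]
REPORTED_SIZES = {0: "432KB", 1: "6.9MB", 2: "256KB", 3: "24KB", 4: "6.9MB", 5: "256KB"}

# Naming scheme assumed from the names above: memory/<pid>-<index>-<start>-<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


class Region(NamedTuple):
    pid: int
    idx: int
    start: int
    end: int

    @property
    def size(self) -> int:
        # [start, end) is the dumped range, so its length is the dump size.
        return self.end - self.start


def parse_dump_name(name: str) -> Optional[Region]:
    """Parse one dump file name; returns None for names that do not follow the scheme."""
    m = DUMP_RE.match(name)
    if not m:
        return None
    return Region(int(m["pid"]), int(m["idx"]), int(m["start"], 16), int(m["end"], 16))


def human_size(n: int) -> str:
    """Format a byte count the way the report does: whole KB below 1 MiB, one decimal MB above."""
    if n >= 1 << 20:
        return f"{n / (1 << 20):.1f}MB"
    return f"{n / 1024:.0f}KB"


def check_report(names: List[str], reported: Dict[int, str]) -> List[Tuple[int, bool]]:
    """Confirm each reported size is consistent with the address range in the dump name."""
    results = []
    for name in names:
        r = parse_dump_name(name)
        if r is None:
            continue
        results.append((r.idx, human_size(r.size) == reported.get(r.idx)))
    return results


def duplicate_ranges(regions: List[Region]) -> Dict[Tuple[int, int], List[int]]:
    """Group dumps that cover the same range, i.e. repeated snapshots of one region."""
    seen: Dict[Tuple[int, int], List[int]] = {}
    for r in regions:
        seen.setdefault((r.start, r.end), []).append(r.idx)
    return {k: v for k, v in seen.items() if len(v) > 1}


def region_containing(regions: List[Region], addr: int) -> Optional[Region]:
    """Map an address (e.g. from a stack trace or hook log) to the first dump that covers it."""
    for r in regions:
        if r.start <= addr < r.end:
            return r
    return None


if __name__ == "__main__":
    regions = [r for r in map(parse_dump_name, DUMP_NAMES) if r]
    for r in regions:
        print(f"{r.idx}: 0x{r.start:08X}-0x{r.end:08X} {human_size(r.size)}")
    print("sizes consistent:", check_report(DUMP_NAMES, REPORTED_SIZES))
    print("dumped more than once:", duplicate_ranges(regions))
```

When a range was dumped more than once, diff the two files: the later snapshot of the same region is where unpacked or decrypted content usually shows up.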