purecrypter | 9663cb27096c5592837253411ddee56a54b84b1851cd77e7b33768091ef26fa2

Analysis

max time kernel
295s
max time network
299s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-03-2024 22:39

Target

9663cb27096c5592837253411ddee56a54b84b1851cd77e7b33768091ef26fa2.exe
Size

16KB
MD5

be5041fb817fe1edf7e6c487db9b5534
SHA1

38040d570af54917957504bd88ab7c555e0ee3ba
SHA256

9663cb27096c5592837253411ddee56a54b84b1851cd77e7b33768091ef26fa2
SHA512

8a0200768436ec3e06b11b2447136720af887398d37bc3e635dd417b5dfd86734f8ebc425ed1e8eb2b2689838f3acda0f9a3f6192a54460b4da1027112d28e62
SSDEEP

384:XZ5sjmrXdBJsVbWcoWj7/D1IDBRJJSrxGw6lx87Pr:p5sjmtsV7PI1PmkEr

Score

10^/10

Family

purecrypter

http://41.216.183.153/no/dontlook/re/research/Kofdzsxxr.mp3

PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
loader downloader purecrypter

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2112	9663cb27096c5592837253411ddee56a54b84b1851cd77e7b33768091ef26fa2.exe

C:\Users\Admin\AppData\Local\Temp\9663cb27096c5592837253411ddee56a54b84b1851cd77e7b33768091ef26fa2.exe
"C:\Users\Admin\AppData\Local\Temp\9663cb27096c5592837253411ddee56a54b84b1851cd77e7b33768091ef26fa2.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2112

memory/2112-0-0x0000000000F80000-0x0000000000F88000-memory.dmp

Filesize
32KB

Download
memory/2112-1-0x000007FEF5830000-0x000007FEF621C000-memory.dmp

Filesize
9.9MB

Download
memory/2112-2-0x000000001B070000-0x000000001B0F0000-memory.dmp

Filesize
512KB

Download
memory/2112-3-0x000007FEF5830000-0x000007FEF621C000-memory.dmp

Filesize
9.9MB

Download
memory/2112-4-0x000000001B070000-0x000000001B0F0000-memory.dmp

Filesize
512KB

Download