purecrypter | 9663cb27096c5592837253411ddee56a54b84b1851cd77e7b33768091ef26fa2

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
22-03-2024 03:04

Target

9663cb27096c5592837253411ddee56a54b84b1851cd77e7b33768091ef26fa2.exe
Size

16KB
MD5

be5041fb817fe1edf7e6c487db9b5534
SHA1

38040d570af54917957504bd88ab7c555e0ee3ba
SHA256

9663cb27096c5592837253411ddee56a54b84b1851cd77e7b33768091ef26fa2
SHA512

8a0200768436ec3e06b11b2447136720af887398d37bc3e635dd417b5dfd86734f8ebc425ed1e8eb2b2689838f3acda0f9a3f6192a54460b4da1027112d28e62
SSDEEP

384:XZ5sjmrXdBJsVbWcoWj7/D1IDBRJJSrxGw6lx87Pr:p5sjmtsV7PI1PmkEr

Score

10^/10

Family

purecrypter

http://41.216.183.153/no/dontlook/re/research/Kofdzsxxr.mp3

PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
loader downloader purecrypter

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4584	9663cb27096c5592837253411ddee56a54b84b1851cd77e7b33768091ef26fa2.exe

C:\Users\Admin\AppData\Local\Temp\9663cb27096c5592837253411ddee56a54b84b1851cd77e7b33768091ef26fa2.exe
"C:\Users\Admin\AppData\Local\Temp\9663cb27096c5592837253411ddee56a54b84b1851cd77e7b33768091ef26fa2.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4584

memory/4584-0-0x0000025DB73A0000-0x0000025DB73A8000-memory.dmp

Filesize
32KB

Download
memory/4584-1-0x00007FFA38810000-0x00007FFA392D1000-memory.dmp

Filesize
10.8MB

Download
memory/4584-2-0x0000025DB7780000-0x0000025DB7790000-memory.dmp

Filesize
64KB

Download
memory/4584-3-0x00007FFA38810000-0x00007FFA392D1000-memory.dmp

Filesize
10.8MB

Download
memory/4584-4-0x0000025DB7780000-0x0000025DB7790000-memory.dmp

Filesize
64KB

Download