Analysis
max time kernel: 150s
max time network: 150s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 28-03-2024 01:58
Behavioral task: behavioral1
Sample: Product list.scr
Resource: win7-20231129-en (windows7-x64)
3 signatures, 150 seconds

Behavioral task: behavioral2
Sample: Product list.scr
Resource: win10v2004-20240226-en (windows10-2004-x64)
10 signatures, 150 seconds
General
Target: Product list.scr
Size: 261KB
MD5: 740c71fa7480df0ca835b842c466d190
SHA1: a495afbf5175fb7c31d5bb79ab5bdefa5842ee40
SHA256: 769e8c82f191a58829d7c5b460b80b6242a2f9b906c3a9b98e0b87fd83c88205
SHA512: 28978c02bed5a684b724a0ec91f50d5e44f6baae7f860ad29d24f133a5b1693f7f4232bdfc1ef0babc79284d2ee8c4630b31370c5acee2243c49f7b33f3b23ea
SSDEEP: 6144:iazT6ew3igBm7IGxRsS71IagwsUKl0zRcP8Ya:ian6emLBm7IGxRsSpsUKx8N
Score: 10/10
Malware Config

Signatures

PureLog Stealer
PureLog Stealer is an infostealer written in C#.

PureLog Stealer payload (2 IoCs)
Processes:
resource | yara_rule
behavioral1/memory/2968-0-0x0000000000190000-0x00000000001D6000-memory.dmp | family_purelog_stealer
behavioral1/memory/2968-5-0x0000000004890000-0x00000000048D0000-memory.dmp | family_purelog_stealer

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
description | pid | process
Token: SeDebugPrivilege | 2968 | Product list.scr
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/2968-0-0x0000000000190000-0x00000000001D6000-memory.dmp (Filesize: 280KB)
memory/2968-1-0x0000000074B40000-0x000000007522E000-memory.dmp (Filesize: 6.9MB)
memory/2968-2-0x0000000004890000-0x00000000048D0000-memory.dmp (Filesize: 256KB)
memory/2968-3-0x0000000000270000-0x0000000000278000-memory.dmp (Filesize: 32KB)
memory/2968-4-0x0000000074B40000-0x000000007522E000-memory.dmp (Filesize: 6.9MB)
memory/2968-5-0x0000000004890000-0x00000000048D0000-memory.dmp (Filesize: 256KB)