purecrypter | 073a9a5eaf10598b2ebf99094fc29e04778ee7272319687d04c53f3d903de94c

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
31-03-2024 04:05

Target

4ca7ad65e21778c4ec8fab5129260d32_JaffaCakes118.exe
Size

28KB
MD5

4ca7ad65e21778c4ec8fab5129260d32
SHA1

461ae78946a55078590300798f08bc00e0e10d9d
SHA256

073a9a5eaf10598b2ebf99094fc29e04778ee7272319687d04c53f3d903de94c
SHA512

31b22762c0fb2d3d6c39bb5bd94c322a7d13cd6c5fd297e79955cd0095cbd4aaf7f4ab208ac304bf3069ce218a733dae6ac85d65cf15995bcbe649ad705820e8
SSDEEP

384:AxYcSYE/AbtbbjG2w1/ztG/IbM9noIUEJLzS88I/:A6UEgGmoUL

Score

10^/10

Family

purecrypter

https://store2.gofile.io/download/fdd80845-961b-46c7-a15d-0aedbdce6384/Gxetichiqsm.dll

PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
loader downloader purecrypter

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1780	4324	WerFault.exe	85

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4324	4ca7ad65e21778c4ec8fab5129260d32_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\4ca7ad65e21778c4ec8fab5129260d32_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4ca7ad65e21778c4ec8fab5129260d32_JaffaCakes118.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4324
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 1808
  2⤵
  - Program crash
  PID:1780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4324 -ip 4324
1⤵
PID:1700

memory/4324-0-0x0000000000740000-0x000000000074E000-memory.dmp

Filesize
56KB

Download
memory/4324-1-0x0000000075280000-0x0000000075A30000-memory.dmp

Filesize
7.7MB

Download
memory/4324-2-0x0000000005320000-0x0000000005330000-memory.dmp

Filesize
64KB

Download
memory/4324-3-0x0000000075280000-0x0000000075A30000-memory.dmp

Filesize
7.7MB

Download