Overview

overview

10

Static

static

10

d2eaaa542a...18.exe

windows7-x64

10

d2eaaa542a...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-04-2024 11:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d2eaaa542a2968b2a9ebe288166779e8_JaffaCakes118.exe

  • Size

    63KB

  • MD5

    d2eaaa542a2968b2a9ebe288166779e8

  • SHA1

    37bcd26dcd35f9dd16bd8aff7cad425f3898309c

  • SHA256

    f605ba8fe94eb367829b61cd05eb5b07f4702b55f2a0faf51589cb46dd6f89a9

  • SHA512

    059a1aed6e654fb4465e11f7a0687ac4e6ec0bc17f4ca2726f1bf4f069c1c757b3577d0dd3e5f5b31cfd9e7c0750ffd2880da31053f5ad8f258227029df3e89a

  • SSDEEP

    768:7KpPFoHQ5H2YScYeFevyJrkcvPhOS4/Vi3xnehErtX+GsM4:7Ed5HJScYe+QzPhOvVihneW9+N

Score
10/10
purecrypterdownloaderloader

Malware Config

Extracted

Family

purecrypter

C2

https://store2.gofile.io/download/d457f6f3-9301-4ee3-8492-c3d74098cf83/Tbibzbhpin.dll

Signatures

  • PureCrypter

    PureCrypter is a .NET malware loader first seen in early 2021.

    loaderdownloaderpurecrypter
  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d2eaaa542a2968b2a9ebe288166779e8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d2eaaa542a2968b2a9ebe288166779e8_JaffaCakes118.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2988
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 1796
      2⤵
      • Program crash
      PID:3928
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2988 -ip 2988
    1⤵
      PID:4764

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2988-1-0x0000000074530000-0x0000000074CE0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2988-0-0x0000000000360000-0x0000000000376000-memory.dmp

      Filesize

      88KB

      Download

    • memory/2988-2-0x0000000005040000-0x0000000005050000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2988-3-0x0000000074530000-0x0000000074CE0000-memory.dmp

      Filesize

      7.7MB

      Download