purecrypter | 07de6638063067028829c82415ff79f91e94bd4e0b810aa9abdbc76d38449083

Analysis

max time kernel
146s
max time network
151s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
19-04-2024 18:31

Target

be276e7b9e59a10d513ac473dc9b78c9218d451eb2df47f68e4f51e19270d375.exe
Size

21KB
MD5

e4386f6d81e66e8fe33c78e171d5bb43
SHA1

c64b17aae0f711d316bf250e5d1c90158549fe6e
SHA256

be276e7b9e59a10d513ac473dc9b78c9218d451eb2df47f68e4f51e19270d375
SHA512

e4b6db1e0e3a1e41caac4993cd2f2924b6de072c07d937fabb0ca64a5ff5ce76a8a2b77a78f72e22addcab3c37b209509c8557c4899290d81d6e006ee36b92cd
SSDEEP

384:GGZourLJL5+tZSHoH6Mp7e2BQHkx/jvkKSO8SnRr96W:ZZo4mtZIMZeG/rg4RoW

Score

10^/10

Family

purecrypter

https://endirect2.fr/loader/uploads/progzone_Cakmfjqe.jpg

PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
loader downloader purecrypter

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

be276e7b9e59a10d513ac473dc9b78c9218d451eb2df47f68e4f51e19270d375.exe

description	pid	Process
Token: SeDebugPrivilege	1636	be276e7b9e59a10d513ac473dc9b78c9218d451eb2df47f68e4f51e19270d375.exe

C:\Users\Admin\AppData\Local\Temp\be276e7b9e59a10d513ac473dc9b78c9218d451eb2df47f68e4f51e19270d375.exe
"C:\Users\Admin\AppData\Local\Temp\be276e7b9e59a10d513ac473dc9b78c9218d451eb2df47f68e4f51e19270d375.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1636

memory/1636-0-0x0000000001140000-0x000000000114A000-memory.dmp

Filesize
40KB

Download
memory/1636-1-0x0000000074880000-0x0000000074F6E000-memory.dmp

Filesize
6.9MB

Download
memory/1636-2-0x0000000004AA0000-0x0000000004AE0000-memory.dmp

Filesize
256KB

Download
memory/1636-3-0x0000000074880000-0x0000000074F6E000-memory.dmp

Filesize
6.9MB

Download
memory/1636-4-0x0000000004AA0000-0x0000000004AE0000-memory.dmp

Filesize
256KB

Download