purecrypter | 1d959cf6e366a2217cfef71d9df9e9835c2b1bd7e21b73f345ca621fb05e289e

Analysis

max time kernel
130s
max time network
142s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-04-2024 18:20

Target

ea8df8dbe183507d1a924a7af3ed3e394f61830745074659744cbf6e60724891.exe
Size

21KB
MD5

35cc4765d727bf4b90d8995fa2fc76a1
SHA1

a11d84bf91ec714ff173a3696efe6313d444e0fc
SHA256

ea8df8dbe183507d1a924a7af3ed3e394f61830745074659744cbf6e60724891
SHA512

c422afdb3f3651cddef4d34c5895ff272b5e75041ad5b102790accd25703a41a1f77958ccf53d9baaa2d9e623435e934d4bff095696a41b3e50847cadc628a0f
SSDEEP

384:lLaqknFcv/8hQdCreXXR9hkNkCcw9Uh+ET:5nkFnE9AkbE+

Score

10^/10

Family

purecrypter

https://dweb.link/ipfs/QmQZwo24sTz9krEKDvs4oFbPqeZq6ECYP81aqMx2Bdc7ES?filename=Mnzxgfx_Rbhpuzuo.jpg

PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
loader downloader purecrypter

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1544	ea8df8dbe183507d1a924a7af3ed3e394f61830745074659744cbf6e60724891.exe

C:\Users\Admin\AppData\Local\Temp\ea8df8dbe183507d1a924a7af3ed3e394f61830745074659744cbf6e60724891.exe
"C:\Users\Admin\AppData\Local\Temp\ea8df8dbe183507d1a924a7af3ed3e394f61830745074659744cbf6e60724891.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1544

memory/1544-1-0x0000000074430000-0x0000000074B1E000-memory.dmp

Filesize
6.9MB

Download
memory/1544-0-0x0000000000F70000-0x0000000000F7C000-memory.dmp

Filesize
48KB

Download
memory/1544-2-0x0000000004C80000-0x0000000004CC0000-memory.dmp

Filesize
256KB

Download
memory/1544-3-0x0000000074430000-0x0000000074B1E000-memory.dmp

Filesize
6.9MB

Download
memory/1544-4-0x0000000004C80000-0x0000000004CC0000-memory.dmp

Filesize
256KB

Download