Overview

overview

10

Static

static

10

Quotation V111K2V.exe

windows7-x64

10

Quotation V111K2V.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-06-2024 07:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Quotation V111K2V.exe

  • Size

    6KB

  • MD5

    ad918477a60ad0ec51338bd30df7bfdf

  • SHA1

    06b780e231275bdcfc9bb9703bd7a70ede44a73c

  • SHA256

    c36f49ce80e9ad92355502e044e74966cdcb1fb64f98da33d23ffc98f80cb067

  • SHA512

    809c26b8c15fdf2c3229509a4874cda472515c4b456272068561e883e1d570eb3066b5762935c5c87d1304dbc4a1f395d2fbdeb2592545105c7696838d61df34

  • SSDEEP

    96:Yp3HyAurB6y0+mtFqZYBRl4gLn40nyEDZDyYzNt:83uu+ewQJn40nyII6

Score
10/10
purecrypterdownloaderloader

Malware Config

Extracted

Family

purecrypter

C2

https://360.asesoriaenfarmacias.com/Rwnpjrqq.vdf

Signatures

  • PureCrypter

    PureCrypter is a .NET malware loader first seen in early 2021.

    loaderdownloaderpurecrypter
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\Quotation V111K2V.exe
    "C:\Users\Admin\AppData\Local\Temp\Quotation V111K2V.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:652
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3612
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4064
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4064.0.59992073\573357233" -parentBuildID 20221007134813 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {452b152d-3355-4db9-9e6a-ee0971fe391f} 4064 "\\.\pipe\gecko-crash-server-pipe.4064" 1944 2b57b107758 gpu
        3⤵
          PID:1432
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4064.1.1843358719\1893460100" -parentBuildID 20221007134813 -prefsHandle 2316 -prefMapHandle 2312 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a44e8b1-cc97-4030-94ae-5ae590c88068} 4064 "\\.\pipe\gecko-crash-server-pipe.4064" 2344 2b579841e58 socket
          3⤵
          • Checks processor information in registry
          PID:1456
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4064.2.2121690773\569773601" -childID 1 -isForBrowser -prefsHandle 3240 -prefMapHandle 3236 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e87616a1-41c9-4a27-aad0-196d61110bf7} 4064 "\\.\pipe\gecko-crash-server-pipe.4064" 3252 2b57de06d58 tab
          3⤵
            PID:2904
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4064.3.2119782850\147188004" -childID 2 -isForBrowser -prefsHandle 3736 -prefMapHandle 3732 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {596630c4-9b6a-4adf-9b06-328ee3662abf} 4064 "\\.\pipe\gecko-crash-server-pipe.4064" 3472 2b57eeceb58 tab
            3⤵
              PID:1568
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4064.4.914189985\581173018" -childID 3 -isForBrowser -prefsHandle 4564 -prefMapHandle 4384 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6ce701e-7ebd-40d3-878b-5481f06d65e2} 4064 "\\.\pipe\gecko-crash-server-pipe.4064" 4576 2b5800a7f58 tab
              3⤵
                PID:4620
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4064.5.1440071783\1257093617" -childID 4 -isForBrowser -prefsHandle 4988 -prefMapHandle 4968 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85d29a10-bc0a-4143-b87b-50c140d2a792} 4064 "\\.\pipe\gecko-crash-server-pipe.4064" 4984 2b56616a558 tab
                3⤵
                  PID:3092
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4064.6.1443274228\1579767424" -childID 5 -isForBrowser -prefsHandle 5108 -prefMapHandle 5112 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2781d913-de05-43b7-b3fb-289e23aedfee} 4064 "\\.\pipe\gecko-crash-server-pipe.4064" 5096 2b580690558 tab
                  3⤵
                    PID:3592
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4064.7.169043662\1640712993" -childID 6 -isForBrowser -prefsHandle 5380 -prefMapHandle 5376 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {891f7bac-2d07-412c-a3f1-49b0622e7ab6} 4064 "\\.\pipe\gecko-crash-server-pipe.4064" 5296 2b580690b58 tab
                    3⤵
                      PID:3052
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1420 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
                  1⤵
                    PID:6108

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin
                    Filesize

                    2KB

                    MD5

                    0004b5739eb774bd967dc1803d6ade75

                    SHA1

                    19d25b98cefe9814c1fcd64fef07ca010b3dd516

                    SHA256

                    2f23917c6a441a038f1b17a6b6e7f4c0557f237f02ded3782a78de96ecbe642d

                    SHA512

                    16815bbfbbfdbc72aececa7cc893853632f0d4545de0084b622e34535408244a556164c02e37257d458f712e5d006806f146564769110373f652442a8c8cf0b6

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\c59612d3-aba2-4f25-a7d8-cd4b785cd7e8
                    Filesize

                    11KB

                    MD5

                    ab1345e9a9fbe71a7e33d06be88c01d4

                    SHA1

                    dcf169f1f680bb796027626d56f098908219b089

                    SHA256

                    d7536379943ecd572cf3de73ca2fde1b2f0d6900ec925842bd19aa7bced8c1f2

                    SHA512

                    fc1ee36af372b5499057b10dc3d3d4c46e6371171104e0e3351a7a57e0f66bc1078262a49e882417ba2535a270470aaa72d1f12fe981482ee0006da97f70bf5a

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\d2797def-9e78-4c25-beba-19b410a249fa
                    Filesize

                    746B

                    MD5

                    fc971eaff3dce00262ceefe8a4d202fe

                    SHA1

                    5e8edc1b6f54a5d304c29047803715375de0e10b

                    SHA256

                    f8852154514df6e26875a6c9bc1cae911f3024797edf67e9e9553147442f3084

                    SHA512

                    b54f5047ca7f4f4b6fc0c57515c573d37cd5491b6a059a9275722d982adb43b84ebdfd92f30675a707f8dcb044b2e15d18a1f52b96c2a9db04d6f112883c059f

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    8bceeea526cb2bad17d9a8b8274c38ce

                    SHA1

                    752482a179da4adb5a320a986e15bfaba0f17813

                    SHA256

                    65eaad40a7ed43179922f6ec4a1b689a380211dcc89bbe98bee4527d4800d2a2

                    SHA512

                    51f7d685d8755cef35b90bd4e62c5c9299d100aee34f89db2d8fb7a43dd6c50609cdffcf06bd1eebdbcc1ffe635463b71a6007ed9c6720bbfc2ffabc64e57d8b

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
                    Filesize

                    6KB

                    MD5

                    c23756e7d3bcf18771a20e512b009d77

                    SHA1

                    ebfb07787fb8392dd4f15a697caaadabd6b10535

                    SHA256

                    162b3e28d0fc4f4f2a6b83020b406ee2f62f16b8d72b123f9570ae314656057e

                    SHA512

                    f95af4f44de8c917f5b9013c5f260b75e1720d8daaacfa6a810e2b71699eff60fd52a3637ea6ef51548346ba89fc2540f96943c582c608257d372f7f0cd03118

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js
                    Filesize

                    6KB

                    MD5

                    484226fbac7d65b3dedbf4c3297e4cdc

                    SHA1

                    290782682ede241b1fc6b283c28eca15468e908a

                    SHA256

                    b754e35de2a3200485f9926d0c29430c5bd3aa637cc7d6c3a76f6a9bbf39f790

                    SHA512

                    e3ee0ee8050394fe82ae09479f475d3af281afb3c8ef484c11076dca4f5e54f1814efd165e3682fc4b24e7e7112bb8c52f5f89b9368b8758f832bfc4539465b2

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js
                    Filesize

                    6KB

                    MD5

                    d49bb8cfc1d59fa3cfe20b8a1c6bf39a

                    SHA1

                    a45ab775ff79dce64edc657bae9ecbd91c8b4a31

                    SHA256

                    e9efcf89a8e8b3af8bbb8144c63a42a976c876d07f8f979e0ef21be9f197d614

                    SHA512

                    952e76a91564ed07aba190cd795d2a2c75f80e9e5c4f1a1d3330dc4493c1c2806ba61ad5e1953af7cf6d42d6ed11ada95adb17b7091f0f910531d5a4bd133348

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4
                    Filesize

                    1KB

                    MD5

                    61509e6f8905cf283cb18f24fb2db927

                    SHA1

                    6627fe74e6469acce87932089e221b249bb571a5

                    SHA256

                    0d8b83d372ab42a9d03d3ad636e90171d810693152410c836af9f36e753776d5

                    SHA512

                    5c9a93c5e98858c489a11b354597abe2c30913b7878d2dd2a6bf6c9c51fd53d43320407728d693bc5e1274aa763ead2ea77bf31216bba235896b579a70a91c0c

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore.jsonlz4
                    Filesize

                    930B

                    MD5

                    917dd7150e3c9b61738ad8643e127c0a

                    SHA1

                    a308c3e61f3c284922d32003df91626b9441353c

                    SHA256

                    dabadc8a0d516fb9a28423e1df65438bd4edcbe325e824b8051ccfede295ee53

                    SHA512

                    8a8cd117ce2a7aeb6c0b911536156da7cb95769d33206579b87aabdad9a906a9a2af3a0738010078a6427ca75a2df81e04727e70e3b0c4a5f875b8215c350b48

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                    Filesize

                    184KB

                    MD5

                    b01efd0877d8bb4a5d754d6d5a5922cf

                    SHA1

                    6dfaecd4219afbb206185171c64c777e9c73ae21

                    SHA256

                    ef1ebedd446ce18b79317f09953ff8a6069f92749188b45945567c315388aa90

                    SHA512

                    6f5fce89b6dc7e6979fdb01493c0811bcd55cb945d7665cd9a23e93419a5aa28207b3f614461103f04b0406741e8020c35252fda5529e41e3e918e42fd89c086

                    Download Submit

                  • memory/652-0-0x0000000074F3E000-0x0000000074F3F000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/652-2-0x0000000074F30000-0x00000000756E0000-memory.dmp

                    Filesize

                    7.7MB

                    Download

                  • memory/652-123-0x0000000074F3E000-0x0000000074F3F000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/652-130-0x0000000074F30000-0x00000000756E0000-memory.dmp

                    Filesize

                    7.7MB

                    Download

                  • memory/652-1-0x0000000000490000-0x0000000000498000-memory.dmp

                    Filesize

                    32KB

                    Download