purecrypter | 3ed31d62ca1a55ed5154502486452c6a825eb95a913a2db780fbbd23c6bdf7e2

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06-07-2024 01:26

Target

3ed31d62ca1a55ed5154502486452c6a825eb95a913a2db780fbbd23c6bdf7e2.exe
Size

42KB
MD5

bb2fe2fc0e8fbe40ad8255f9b27498d8
SHA1

0b8f441d8a91de1a6ef25531e9b1889d29614095
SHA256

3ed31d62ca1a55ed5154502486452c6a825eb95a913a2db780fbbd23c6bdf7e2
SHA512

39aafbebe264a07565de9fc640cbdd88b483b848187a9b68b75a9798954c89b64359400f691499d8cfa2e2824fe20be833de4f28cdd3611212be8c328f2f646a
SSDEEP

768:DGIMl1ZpVAuwk+0JEmjoLWrU0y1oUz3wERUdocKXU6EXc7ZYLilzqKikl+mr7i0F:DrWZ0u6WK+U0y1v3w1+cqUx66mzqKikP

Score

10^/10

Family

purecrypter

https://erkasera.com/Yaki/Tcdtpyiqmak.wav

PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
loader downloader purecrypter

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2196	3ed31d62ca1a55ed5154502486452c6a825eb95a913a2db780fbbd23c6bdf7e2.exe

C:\Users\Admin\AppData\Local\Temp\3ed31d62ca1a55ed5154502486452c6a825eb95a913a2db780fbbd23c6bdf7e2.exe
"C:\Users\Admin\AppData\Local\Temp\3ed31d62ca1a55ed5154502486452c6a825eb95a913a2db780fbbd23c6bdf7e2.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2196

memory/2196-2-0x0000000074180000-0x000000007486E000-memory.dmp

Filesize
6.9MB

Download
memory/2196-1-0x00000000011E0000-0x00000000011F0000-memory.dmp

Filesize
64KB

Download
memory/2196-0-0x000000007418E000-0x000000007418F000-memory.dmp

Filesize
4KB

Download
memory/2196-3-0x000000007418E000-0x000000007418F000-memory.dmp

Filesize
4KB

Download
memory/2196-4-0x0000000074180000-0x000000007486E000-memory.dmp

Filesize
6.9MB

Download