Overview

overview

10

Static

static

10

88074c5793...f4.exe

windows7-x64

10

88074c5793...f4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    29s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    11/07/2024, 22:22

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    88074c579380436d337be1825a11be1496fabc996881abb41101f7cfce8e9df4.exe

  • Size

    2.6MB

  • MD5

    aaba962d3d067e40569aea22cc575eb9

  • SHA1

    390d7da6cfbfa0dca4b95d2543c450247ffba010

  • SHA256

    88074c579380436d337be1825a11be1496fabc996881abb41101f7cfce8e9df4

  • SHA512

    c29dc912d7b4ff06e0e307674a4f38b99dc7312499a370a31275d03043660c8a94302f91bc7577ddb6474e83eb15b2cee7cb47a57a5bea0a1b6ba4e7859d4cff

  • SSDEEP

    49152:8LKVdUWUCEKBMUzMXIc2JoF0sEdVevqiu0kVsMD94yyLzB7nOc:8LKQ7CBLwXIc2eF0sEdVeSJyJ

Score
10/10
purelogstealercollectionspywarestealer

Malware Config

Signatures

  • PureLog Stealer

    PureLog Stealer is an infostealer written in C#.

    stealerpurelogstealer
  • PureLog Stealer payload 1 IoCs
  • Reads WinSCP keys stored on the system 2 TTPs

    Tries to access WinSCP stored sessions.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 35 IoCs
    collection
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\88074c579380436d337be1825a11be1496fabc996881abb41101f7cfce8e9df4.exe
    "C:\Users\Admin\AppData\Local\Temp\88074c579380436d337be1825a11be1496fabc996881abb41101f7cfce8e9df4.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3008
    • C:\Users\Admin\AppData\Local\Temp\88074c579380436d337be1825a11be1496fabc996881abb41101f7cfce8e9df4.exe
      "C:\Users\Admin\AppData\Local\Temp\88074c579380436d337be1825a11be1496fabc996881abb41101f7cfce8e9df4.exe"
      2⤵
      • Accesses Microsoft Outlook profiles
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • outlook_office_path
      • outlook_win_path
      PID:3204

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\Fshuqxff.tmpdb
          Filesize

          148KB

          MD5

          90a1d4b55edf36fa8b4cc6974ed7d4c4

          SHA1

          aba1b8d0e05421e7df5982899f626211c3c4b5c1

          SHA256

          7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c

          SHA512

          ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Hwyrduanhcv.tmpdb
          Filesize

          92KB

          MD5

          de7d702f13db499233da2c87959d7696

          SHA1

          8d51283dc6b41cae89ac01928cd0460604ff1d3e

          SHA256

          78e689d13f1ff71daeb36634831fa7457a8c90ea465a3e342aef921d8ca82b34

          SHA512

          a57e198ff5e32453ac99d6aefb5ab71f9cb4c80006f2a75d3c3e0ef28a0ca00f387110788edc1df1e0a7ab9a2503571e82749e51acf7c67e654a586503754045

          Download Submit

        • memory/3008-0-0x0000000074D8E000-0x0000000074D8F000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3008-1-0x0000000000A60000-0x0000000000CFC000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/3008-2-0x0000000074D80000-0x000000007546E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/3008-3-0x0000000004F70000-0x00000000051CE000-memory.dmp

          Filesize

          2.4MB

          Download

        • memory/3008-4-0x00000000061D0000-0x00000000064C2000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-5-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-8-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-18-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-6-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-10-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-38-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-36-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-34-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-32-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-30-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-28-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-26-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-24-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-22-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-20-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-16-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-14-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-12-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-44-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-46-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-50-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-62-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-66-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-68-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-64-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-60-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-58-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-56-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-54-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-52-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-48-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-42-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-40-0x00000000061D0000-0x00000000064BB000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/3008-4868-0x0000000000990000-0x00000000009DC000-memory.dmp

          Filesize

          304KB

          Download

        • memory/3008-4867-0x0000000006A20000-0x0000000006B50000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/3008-4869-0x0000000074D80000-0x000000007546E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/3008-4870-0x00000000046F0000-0x0000000004744000-memory.dmp

          Filesize

          336KB

          Download

        • memory/3008-4884-0x0000000074D80000-0x000000007546E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/3204-4886-0x0000000004D30000-0x0000000004E3E000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/3204-4883-0x0000000074D80000-0x000000007546E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/3204-4882-0x0000000000400000-0x00000000004E8000-memory.dmp

          Filesize

          928KB

          Download

        • memory/3204-4885-0x0000000074D80000-0x000000007546E000-memory.dmp

          Filesize

          6.9MB

          Download

        • memory/3204-7757-0x00000000003C0000-0x00000000003C8000-memory.dmp

          Filesize

          32KB

          Download

        • memory/3204-7758-0x00000000055B0000-0x000000000564E000-memory.dmp

          Filesize

          632KB

          Download

        • memory/3204-7759-0x0000000005930000-0x000000000597C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/3204-7760-0x00000000005A0000-0x00000000005AA000-memory.dmp

          Filesize

          40KB

          Download

        • memory/3204-7761-0x0000000005E40000-0x0000000005EBA000-memory.dmp

          Filesize

          488KB

          Download

        • memory/3204-7794-0x0000000074D80000-0x000000007546E000-memory.dmp

          Filesize

          6.9MB

          Download