purelogstealer | 19c9916b59cb8573f64f15a1fa11e1704d24539cddad2559579ec4aff203c46c

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21-07-2024 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

41bfcac136ff8f5d232419298ec7b6e0N.exe
Size

2.5MB
MD5

41bfcac136ff8f5d232419298ec7b6e0
SHA1

ced165b12d38356915b64a083ec6c88633572c96
SHA256

19c9916b59cb8573f64f15a1fa11e1704d24539cddad2559579ec4aff203c46c
SHA512

5f8383fe13d662500dd44565821ac5299b4aaa23e864010f451db04130ce91d2fb1ebe652887abb04be98729cdb05b1f352e39a6de1d3479b46a4194dc900e5b
SSDEEP

49152:R5HDi1U52tdpGLi83D26M0Mn4QpcGvM0JZ4DKYW/IVStzY4cU+rb:fHDi1U52tdbCD60wp5E0JZ/7Aoz5w

Score

10^/10

purelogstealer stealer

Malware Config

Signatures

PureLog Stealer
PureLog Stealer is an infostealer written in C#.
stealer purelogstealer

PureLog Stealer payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2060-1-0x0000000000E30000-0x00000000010B6000-memory.dmp	family_purelog_stealer

Suspicious use of SetThreadContext 1 IoCs

Processes:

41bfcac136ff8f5d232419298ec7b6e0N.exe

description pid process target process

PID 2060 set thread context of 2136 2060 41bfcac136ff8f5d232419298ec7b6e0N.exe 41bfcac136ff8f5d232419298ec7b6e0N.exe

description	pid	process	target process
PID 2060 set thread context of 2136	2060	41bfcac136ff8f5d232419298ec7b6e0N.exe	41bfcac136ff8f5d232419298ec7b6e0N.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

41bfcac136ff8f5d232419298ec7b6e0N.exe41bfcac136ff8f5d232419298ec7b6e0N.exe

description	pid	process
Token: SeDebugPrivilege	2060	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeDebugPrivilege	2060	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeDebugPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeBackupPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeBackupPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeBackupPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeBackupPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeBackupPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeBackupPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeBackupPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeBackupPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeBackupPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeBackupPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeBackupPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeBackupPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeBackupPrivilege	2136	41bfcac136ff8f5d232419298ec7b6e0N.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

41bfcac136ff8f5d232419298ec7b6e0N.exe

description	pid	process	target process
PID 2060 wrote to memory of 2136	2060	41bfcac136ff8f5d232419298ec7b6e0N.exe	41bfcac136ff8f5d232419298ec7b6e0N.exe
PID 2060 wrote to memory of 2136	2060	41bfcac136ff8f5d232419298ec7b6e0N.exe	41bfcac136ff8f5d232419298ec7b6e0N.exe
PID 2060 wrote to memory of 2136	2060	41bfcac136ff8f5d232419298ec7b6e0N.exe	41bfcac136ff8f5d232419298ec7b6e0N.exe
PID 2060 wrote to memory of 2136	2060	41bfcac136ff8f5d232419298ec7b6e0N.exe	41bfcac136ff8f5d232419298ec7b6e0N.exe
PID 2060 wrote to memory of 2136	2060	41bfcac136ff8f5d232419298ec7b6e0N.exe	41bfcac136ff8f5d232419298ec7b6e0N.exe
PID 2060 wrote to memory of 2136	2060	41bfcac136ff8f5d232419298ec7b6e0N.exe	41bfcac136ff8f5d232419298ec7b6e0N.exe
PID 2060 wrote to memory of 2136	2060	41bfcac136ff8f5d232419298ec7b6e0N.exe	41bfcac136ff8f5d232419298ec7b6e0N.exe
PID 2060 wrote to memory of 2136	2060	41bfcac136ff8f5d232419298ec7b6e0N.exe	41bfcac136ff8f5d232419298ec7b6e0N.exe
PID 2060 wrote to memory of 2136	2060	41bfcac136ff8f5d232419298ec7b6e0N.exe	41bfcac136ff8f5d232419298ec7b6e0N.exe

C:\Users\Admin\AppData\Local\Temp\41bfcac136ff8f5d232419298ec7b6e0N.exe
"C:\Users\Admin\AppData\Local\Temp\41bfcac136ff8f5d232419298ec7b6e0N.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Users\Admin\AppData\Local\Temp\41bfcac136ff8f5d232419298ec7b6e0N.exe
  "C:\Users\Admin\AppData\Local\Temp\41bfcac136ff8f5d232419298ec7b6e0N.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2060-0-0x000000007457E000-0x000000007457F000-memory.dmp

Filesize
4KB

Download
memory/2060-1-0x0000000000E30000-0x00000000010B6000-memory.dmp

Filesize
2.5MB

Download
memory/2060-2-0x0000000074570000-0x0000000074C5E000-memory.dmp

Filesize
6.9MB

Download
memory/2060-3-0x0000000005050000-0x0000000005298000-memory.dmp

Filesize
2.3MB

Download
memory/2060-4-0x00000000052A0000-0x00000000054EA000-memory.dmp

Filesize
2.3MB

Download
memory/2060-5-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-21-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-42-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-48-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-60-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-66-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-6-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-68-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-64-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-62-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-58-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-56-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-54-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-52-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-51-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-46-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-44-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-40-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-38-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-36-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-34-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-32-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-30-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-28-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-26-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-24-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-22-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-18-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-16-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-14-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-12-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-10-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-8-0x00000000052A0000-0x00000000054E4000-memory.dmp

Filesize
2.3MB

Download
memory/2060-4905-0x0000000074570000-0x0000000074C5E000-memory.dmp

Filesize
6.9MB

Download
memory/2060-4893-0x00000000049D0000-0x0000000004A24000-memory.dmp

Filesize
336KB

Download
memory/2060-4892-0x0000000000AD0000-0x0000000000B1C000-memory.dmp

Filesize
304KB

Download
memory/2060-4891-0x0000000000D80000-0x0000000000E06000-memory.dmp

Filesize
536KB

Download
memory/2136-4910-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/2136-4911-0x00000000744F0000-0x0000000074BDE000-memory.dmp

Filesize
6.9MB

Download
memory/2136-4912-0x00000000744F0000-0x0000000074BDE000-memory.dmp

Filesize
6.9MB

Download
memory/2136-4913-0x00000000744F0000-0x0000000074BDE000-memory.dmp

Filesize
6.9MB

Download
memory/2136-4914-0x00000000744F0000-0x0000000074BDE000-memory.dmp

Filesize
6.9MB

Download