purelogstealer | 19c9916b59cb8573f64f15a1fa11e1704d24539cddad2559579ec4aff203c46c

Analysis

max time kernel
119s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21-07-2024 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

41bfcac136ff8f5d232419298ec7b6e0N.exe
Size

2.5MB
MD5

41bfcac136ff8f5d232419298ec7b6e0
SHA1

ced165b12d38356915b64a083ec6c88633572c96
SHA256

19c9916b59cb8573f64f15a1fa11e1704d24539cddad2559579ec4aff203c46c
SHA512

5f8383fe13d662500dd44565821ac5299b4aaa23e864010f451db04130ce91d2fb1ebe652887abb04be98729cdb05b1f352e39a6de1d3479b46a4194dc900e5b
SSDEEP

49152:R5HDi1U52tdpGLi83D26M0Mn4QpcGvM0JZ4DKYW/IVStzY4cU+rb:fHDi1U52tdbCD60wp5E0JZ/7Aoz5w

Score

10^/10

purelogstealer stealer

Malware Config

Signatures

PureLog Stealer
PureLog Stealer is an infostealer written in C#.
stealer purelogstealer

PureLog Stealer payload 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/464-1-0x0000000000AC0000-0x0000000000D46000-memory.dmp	family_purelog_stealer

Suspicious use of SetThreadContext 1 IoCs

Processes:

41bfcac136ff8f5d232419298ec7b6e0N.exe

description pid process target process

PID 464 set thread context of 2540 464 41bfcac136ff8f5d232419298ec7b6e0N.exe 41bfcac136ff8f5d232419298ec7b6e0N.exe

description	pid	process	target process
PID 464 set thread context of 2540	464	41bfcac136ff8f5d232419298ec7b6e0N.exe	41bfcac136ff8f5d232419298ec7b6e0N.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

41bfcac136ff8f5d232419298ec7b6e0N.exe41bfcac136ff8f5d232419298ec7b6e0N.exe

description	pid	process
Token: SeDebugPrivilege	464	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeDebugPrivilege	464	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeDebugPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeBackupPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeBackupPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeBackupPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeBackupPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeBackupPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeBackupPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeBackupPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeBackupPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeBackupPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeBackupPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeBackupPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeBackupPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeSecurityPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe
Token: SeBackupPrivilege	2540	41bfcac136ff8f5d232419298ec7b6e0N.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

41bfcac136ff8f5d232419298ec7b6e0N.exe

description	pid	process	target process
PID 464 wrote to memory of 2540	464	41bfcac136ff8f5d232419298ec7b6e0N.exe	41bfcac136ff8f5d232419298ec7b6e0N.exe
PID 464 wrote to memory of 2540	464	41bfcac136ff8f5d232419298ec7b6e0N.exe	41bfcac136ff8f5d232419298ec7b6e0N.exe
PID 464 wrote to memory of 2540	464	41bfcac136ff8f5d232419298ec7b6e0N.exe	41bfcac136ff8f5d232419298ec7b6e0N.exe
PID 464 wrote to memory of 2540	464	41bfcac136ff8f5d232419298ec7b6e0N.exe	41bfcac136ff8f5d232419298ec7b6e0N.exe
PID 464 wrote to memory of 2540	464	41bfcac136ff8f5d232419298ec7b6e0N.exe	41bfcac136ff8f5d232419298ec7b6e0N.exe
PID 464 wrote to memory of 2540	464	41bfcac136ff8f5d232419298ec7b6e0N.exe	41bfcac136ff8f5d232419298ec7b6e0N.exe
PID 464 wrote to memory of 2540	464	41bfcac136ff8f5d232419298ec7b6e0N.exe	41bfcac136ff8f5d232419298ec7b6e0N.exe
PID 464 wrote to memory of 2540	464	41bfcac136ff8f5d232419298ec7b6e0N.exe	41bfcac136ff8f5d232419298ec7b6e0N.exe

C:\Users\Admin\AppData\Local\Temp\41bfcac136ff8f5d232419298ec7b6e0N.exe
"C:\Users\Admin\AppData\Local\Temp\41bfcac136ff8f5d232419298ec7b6e0N.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:464
- C:\Users\Admin\AppData\Local\Temp\41bfcac136ff8f5d232419298ec7b6e0N.exe
  "C:\Users\Admin\AppData\Local\Temp\41bfcac136ff8f5d232419298ec7b6e0N.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\41bfcac136ff8f5d232419298ec7b6e0N.exe.log

Filesize
716B

MD5
a92a2835b20b01436fb6517e97090bb1

SHA1
1a179d6b4018cc896708aa112b9d683176ba59b9

SHA256
807a02aa126863cf5b802851a3b42d233a856346c0fb13517236815a1764e963

SHA512
ef51b2bcfa1cdd33a02176d87b609f8ea4a6c4cfcf69094e88459a19bd1c187872b3a789a46e28869dad63f559cab8d51ac1125a172d71c477f3dd0ec60550a9

Download Submit
memory/464-0-0x0000000074ABE000-0x0000000074ABF000-memory.dmp

Filesize
4KB

Download
memory/464-1-0x0000000000AC0000-0x0000000000D46000-memory.dmp

Filesize
2.5MB

Download
memory/464-2-0x0000000074AB0000-0x0000000075260000-memory.dmp

Filesize
7.7MB

Download
memory/464-3-0x00000000057E0000-0x0000000005A28000-memory.dmp

Filesize
2.3MB

Download
memory/464-4-0x0000000005AA0000-0x0000000005CEA000-memory.dmp

Filesize
2.3MB

Download
memory/464-6-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-10-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-38-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-48-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-36-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-34-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-32-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-28-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-26-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-30-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-24-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-22-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-20-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-16-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-14-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-8-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-18-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-5-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-12-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-52-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-68-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-66-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-64-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-62-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-60-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-58-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-56-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-54-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-50-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-46-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-44-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-42-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-40-0x0000000005AA0000-0x0000000005CE4000-memory.dmp

Filesize
2.3MB

Download
memory/464-4891-0x0000000074AB0000-0x0000000075260000-memory.dmp

Filesize
7.7MB

Download
memory/464-4892-0x0000000005D50000-0x0000000005DD6000-memory.dmp

Filesize
536KB

Download
memory/464-4893-0x0000000005E60000-0x0000000005EAC000-memory.dmp

Filesize
304KB

Download
memory/464-4894-0x0000000006670000-0x0000000006C14000-memory.dmp

Filesize
5.6MB

Download
memory/464-4895-0x0000000006050000-0x00000000060A4000-memory.dmp

Filesize
336KB

Download
memory/464-4898-0x0000000074AB0000-0x0000000075260000-memory.dmp

Filesize
7.7MB

Download
memory/2540-4900-0x0000000074A80000-0x0000000074B2B000-memory.dmp

Filesize
684KB

Download
memory/2540-4901-0x0000000000400000-0x0000000000472000-memory.dmp

Filesize
456KB

Download
memory/2540-4902-0x0000000005630000-0x00000000056C2000-memory.dmp

Filesize
584KB

Download
memory/2540-4903-0x0000000074A80000-0x0000000074B2B000-memory.dmp

Filesize
684KB

Download
memory/2540-4904-0x00000000056D0000-0x00000000056DA000-memory.dmp

Filesize
40KB

Download
memory/2540-4905-0x0000000008A10000-0x0000000009028000-memory.dmp

Filesize
6.1MB

Download
memory/2540-4906-0x0000000008640000-0x000000000874A000-memory.dmp

Filesize
1.0MB

Download
memory/2540-4907-0x0000000008580000-0x0000000008592000-memory.dmp

Filesize
72KB

Download
memory/2540-4908-0x00000000085E0000-0x000000000861C000-memory.dmp

Filesize
240KB

Download
memory/2540-4909-0x0000000008750000-0x000000000879C000-memory.dmp

Filesize
304KB

Download
memory/2540-4910-0x0000000074A80000-0x0000000074B2B000-memory.dmp

Filesize
684KB

Download