Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20240705-de
resource tags: arch:x64, arch:x86, image:win7-20240705-de, locale:de-de, os:windows7-x64, system, windows
submitted: 22-08-2024 17:47
Behavioral task: behavioral1
  Sample: SyncSpoofer.exe
  Resource: win7-20240705-de
Behavioral task: behavioral2
  Sample: SyncSpoofer.exe
  Resource: win10v2004-20240802-de
General
Target: SyncSpoofer.exe
Size: 276KB
MD5: 5a8afe7bfd11728c32066c4290eeddc7
SHA1: f2064bbdec287d61722ef35e511b4090212cd1a8
SHA256: 92c799a2fd29060a44558a153d1ff5866e420e46b35bdd4546c782c17d4bb50f
SHA512: e03994e666aa7ff84400e86e4cc3db5a77a5475e1961b553f16dbc293160f58f196b0ab6fb7be4ba34b1d030969f2f94ae80dc0c423f3ec015621bf987b796cb
SSDEEP: 1536:hJ99JW77A9oXFY+w67Vh7O9H/squacb3P12NETDLiaSKry3bgDBsvVeXBdZs4o7M:vSFHh69HEZJRTDLiaSKreumVeBs4o
Malware Config

Signatures

PureLog Stealer
PureLog Stealer is an infostealer written in C#.

PureLog Stealer payload (1 IoC)
  resource: behavioral1/memory/2808-1-0x0000000000020000-0x0000000000066000-memory.dmp
  yara_rule: family_purelog_stealer
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: SyncSpoofer.exe
Suspicious behavior: EnumeratesProcesses (30 IoCs)
  pid: 2808
  Process: SyncSpoofer.exe
  (30 identical entries for pid 2808 SyncSpoofer.exe)

Suspicious use of AdjustPrivilegeToken (1 IoC)
  description: Token: SeDebugPrivilege
  pid: 2808
  Process: SyncSpoofer.exe