Analysis
- max time kernel: 150s
- max time network: 155s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 28-06-2024 11:42
Behavioral task: behavioral1
- Sample: 5.exe
- Resource: win7-20240508-en
- 3 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 5.exe
- Resource: win10v2004-20240611-en
- 15 signatures
- 150 seconds
General
- Target: 5.exe
- Size: 50KB
- MD5: a4ae05762502813b211f8a85ade4aaf9
- SHA1: d8ccccad0ec7dd9ada63a9b7b2f318d5c2bf7345
- SHA256: ff1a81ba33a6328568c2c3fa6c02d90909322624fd07c76d9fb300e56d47092a
- SHA512: 4ec7b4063079e418d1b7a7d4a81bf823976fb22aa3011914420cd95b1a0f7a0a7b36e3b6a2edbb5395c11c71cbf800747fc2cdaea9fa5fe0ca6df0ee59041dff
- SSDEEP: 768:hYkXQd1NrfaBQrpl21Ic6ehe9cy3i5j6Aw6/hnkz8IkOWHQki8T:O6Qr8QrMryp+WIhnO8jOWF
- Score: 10/10
Malware Config
Signatures
- PureLog Stealer
  PureLog Stealer is an infostealer written in C#.
- PureLog Stealer payload (1 IoCs)
  Processes:
  resource: behavioral1/memory/2428-1-0x00000000010C0000-0x00000000010D2000-memory.dmp
  yara_rule: family_purelog_stealer
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes: 5.exe
  description: Token: SeDebugPrivilege
  pid: 2428
  process: 5.exe
Downloads
- memory/2428-0-0x00000000749EE000-0x00000000749EF000-memory.dmp (Filesize: 4KB)
- memory/2428-1-0x00000000010C0000-0x00000000010D2000-memory.dmp (Filesize: 72KB)
- memory/2428-2-0x00000000001B0000-0x00000000001B6000-memory.dmp (Filesize: 24KB)
- memory/2428-3-0x00000000749E0000-0x00000000750CE000-memory.dmp (Filesize: 6.9MB)
- memory/2428-4-0x00000000749EE000-0x00000000749EF000-memory.dmp (Filesize: 4KB)
- memory/2428-5-0x00000000749E0000-0x00000000750CE000-memory.dmp (Filesize: 6.9MB)