Overview

overview

10

Static

static

3

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    07-01-2024 19:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tmp.exe

  • Size

    1.8MB

  • MD5

    d000f10b5ea1c66dd2f38b437552efae

  • SHA1

    22062740762977633d2678dbea3229a48e32b963

  • SHA256

    c8036552ee5aa9ce1c45475a550bb73c67a4b767befc158d4e5212aab67aaf94

  • SHA512

    610c14866abdf3a0a0de239153c8a9462788ad49068d3e2808f44ace359986e87194de4349312748144b063e3dafa4a54451cb14f6afe09211512ca8fa57a03c

  • SSDEEP

    49152:+TlZwnfq/SDr6pcUQwmwtxIWVKLtZOaDsEmvO6eyR:+Tl+niaDr2cUQwmcEZtxYOLo

Score
10/10
riseprostealer

Malware Config

Extracted

Family

risepro

C2

193.233.132.62:50500

Signatures

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro
  • Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmp.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetWindowsHookEx
    PID:2632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2632-0-0x0000000000EB0000-0x00000000013CE000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/2632-1-0x00000000770B0000-0x00000000770B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2632-2-0x0000000000EB0000-0x00000000013CE000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/2632-3-0x0000000000EB0000-0x00000000013CE000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/2632-4-0x0000000000EB0000-0x00000000013CE000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/2632-5-0x0000000000EB0000-0x00000000013CE000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/2632-6-0x0000000000EB0000-0x00000000013CE000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/2632-7-0x0000000000EB0000-0x00000000013CE000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/2632-8-0x0000000000EB0000-0x00000000013CE000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/2632-9-0x0000000000EB0000-0x00000000013CE000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/2632-10-0x0000000000EB0000-0x00000000013CE000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/2632-11-0x0000000000EB0000-0x00000000013CE000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/2632-12-0x0000000000EB0000-0x00000000013CE000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/2632-13-0x0000000000EB0000-0x00000000013CE000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/2632-14-0x0000000000EB0000-0x00000000013CE000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/2632-15-0x0000000000EB0000-0x00000000013CE000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/2632-16-0x0000000000EB0000-0x00000000013CE000-memory.dmp

    Filesize

    5.1MB

    Download