Analysis

  • max time kernel
    141s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/01/2024, 20:11

General

  • Target

    324022960x0000000000D600000x0000000001276000memorydmp.exe

  • Size

    5.1MB

  • MD5

    3a4d39024c587497fa36c2396e0f234b

  • SHA1

    2f7d707d47398ccb7bcbef1f91b24537560689d7

  • SHA256

    b76acb6bf1d4e07e2d5834256cf79c4ffc7c6fc8efb5ead759df0c9ba881312d

  • SHA512

    d734fcf0006133a9ea6be48bec382da9064422155f7909e4c61b6d864bfb4b1c9e1f017244e30c9ffa6a1bccbd3ee665303e48ae521ca1c337629a6cfd1bda53

  • SSDEEP

    49152:NQxG7esp+tHyVglC21psT+dTP8o1Cl8gsNlN5sTyIZ3Xz3Fuc3ejXdbFkeygcjRZ:OxJsp+kL216sbXHIZz3FuHjNpktPjF

Score
10/10

Malware Config

Signatures

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\324022960x0000000000D600000x0000000001276000memorydmp.exe
    "C:\Users\Admin\AppData\Local\Temp\324022960x0000000000D600000x0000000001276000memorydmp.exe"
    1⤵
      PID:2864
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 224
        2⤵
        • Program crash
        PID:2092
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2864 -ip 2864
      1⤵
        PID:1084

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2864-0-0x0000000000D60000-0x0000000001276000-memory.dmp

    Filesize

    5.1MB