Overview

overview

10

Static

static

3

file.exe

windows7-x64

7

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/01/2024, 19:34

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    2.3MB

  • MD5

    e102fe84451fa18c107fcada5c6baa92

  • SHA1

    f5add1918b1d81e044dccf9cdbd92ff9aa78a620

  • SHA256

    28a3a0f8cc6cb42927aa1aa81a077020748a734acfe46412f06153deb23fa1de

  • SHA512

    7a612cc1c4a7518f2de32357115acb6d7948679ece9a1a5c241ab6764fd6345344050d633796aedb7bf9d44def8b54f0129576a6995abb660e192e6f28cc4873

  • SSDEEP

    49152:qkQTAnh26CWxHi+q69KIuPtu8oc8xLpENEVABEZDaaDPV4E2rfV8bwVZzuuPB:qanh2WHtq69nR8oZLqbGXPKE2rswVou5

Score
10/10
riseprostealer

Malware Config

Extracted

Family

risepro

C2

109.107.182.26:50500

Signatures

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro
  • .NET Reactor proctector 3 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:5040
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      2⤵
        PID:4792

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/4792-9-0x0000000000400000-0x0000000000811000-memory.dmp

            Filesize

            4.1MB

            Download

          • memory/4792-21-0x0000000000400000-0x0000000000811000-memory.dmp

            Filesize

            4.1MB

            Download

          • memory/4792-18-0x0000000000400000-0x0000000000811000-memory.dmp

            Filesize

            4.1MB

            Download

          • memory/4792-12-0x0000000000400000-0x0000000000811000-memory.dmp

            Filesize

            4.1MB

            Download

          • memory/5040-3-0x00000000052D0000-0x00000000052E0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/5040-4-0x00000000052D0000-0x00000000052E0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/5040-1-0x0000000074D90000-0x0000000075540000-memory.dmp

            Filesize

            7.7MB

            Download

          • memory/5040-6-0x00000000052E0000-0x0000000005514000-memory.dmp

            Filesize

            2.2MB

            Download

          • memory/5040-16-0x0000000074D90000-0x0000000075540000-memory.dmp

            Filesize

            7.7MB

            Download

          • memory/5040-13-0x0000000002DF0000-0x0000000004DF0000-memory.dmp

            Filesize

            32.0MB

            Download

          • memory/5040-5-0x0000000005760000-0x0000000005D04000-memory.dmp

            Filesize

            5.6MB

            Download

          • memory/5040-2-0x00000000052D0000-0x00000000052E0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/5040-0-0x0000000005520000-0x0000000005756000-memory.dmp

            Filesize

            2.2MB

            Download