Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

5cbedfc8cb...ed.exe

windows7-x64

10

5cbedfc8cb...ed.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    28/01/2024, 19:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5cbedfc8cb4b91ed6b70b40d4489e9ed.exe

  • Size

    1.1MB

  • MD5

    5cbedfc8cb4b91ed6b70b40d4489e9ed

  • SHA1

    b56421265081dbad0a815533bd1aedfe630f8e7c

  • SHA256

    30d0f0e3bc0bb25448c58097cb620fab4bf9bf3831fa1c38420bf3fc777c1e31

  • SHA512

    14c9eddd99854291740300cf7f819899f9b32903a69e196be00c1eab4fc448a20f9e86a31428ae6af4cfba8007bc143a805e2a08aaad79926fa0e04712e39d0e

  • SSDEEP

    24576:oU9W4FjII16gEZL23Y6ld/zW7epoNr2t7twQuiyIakELXBqLIek9Jhpfn:f9WyIUREU3lld/zW7E+K/lrL8XBqLIJf

Score
10/10
riseprostealer

Malware Config

Extracted

Family

risepro

C2

193.233.132.62:50500

Signatures

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro
  • Suspicious use of NtSetInformationThreadHideFromDebugger 15 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5cbedfc8cb4b91ed6b70b40d4489e9ed.exe
    "C:\Users\Admin\AppData\Local\Temp\5cbedfc8cb4b91ed6b70b40d4489e9ed.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetWindowsHookEx
    PID:2152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2152-0-0x0000000000800000-0x0000000000CE0000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2152-2-0x0000000000800000-0x0000000000CE0000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2152-3-0x0000000000800000-0x0000000000CE0000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2152-4-0x0000000000800000-0x0000000000CE0000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2152-5-0x0000000000800000-0x0000000000CE0000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2152-6-0x0000000000800000-0x0000000000CE0000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2152-7-0x0000000000800000-0x0000000000CE0000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2152-8-0x0000000000800000-0x0000000000CE0000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2152-9-0x0000000000800000-0x0000000000CE0000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2152-10-0x0000000000800000-0x0000000000CE0000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2152-11-0x0000000000800000-0x0000000000CE0000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2152-12-0x0000000000800000-0x0000000000CE0000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2152-13-0x0000000000800000-0x0000000000CE0000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2152-14-0x0000000000800000-0x0000000000CE0000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/2152-15-0x0000000000800000-0x0000000000CE0000-memory.dmp

    Filesize

    4.9MB

    Download