risepro | 7a0400eae92d64ff610f45f9940a88ef29935fa62e7b907b21fcd9a9ac1e9be9

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/02/2024, 08:54

Target

file.exe
Size

5.3MB
MD5

72d60d1757a653edc971426a27ab8507
SHA1

21ec40e6cc6d1edf5f502f3cb020e87d027a7279
SHA256

7a0400eae92d64ff610f45f9940a88ef29935fa62e7b907b21fcd9a9ac1e9be9
SHA512

1f45e770538696e2f472f92b25dca5545121404a74f80ec8366645d14851969a4d6d649d6d6be8ffe4495294d60e2606b40f2de8478a3a6e5a322e1159d76933
SSDEEP

98304:DsbQJClCuSW8VZpi4AJLpnG4wpwR3x4ycFygfdTrCrHmVJrPUyAUgAh4kM1p:4bQMa9Hi4EnNw+0P17UyAOh+1p

Score

10^/10

risepro stealer

Family

risepro

193.233.132.67:50500

RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
stealer risepro

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1304	file.exe

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1304

memory/1304-2-0x00000000000F0000-0x0000000000A95000-memory.dmp

Filesize
9.6MB

Download
memory/1304-3-0x0000000000090000-0x0000000000091000-memory.dmp

Filesize
4KB

Download
memory/1304-0-0x0000000000090000-0x0000000000091000-memory.dmp

Filesize
4KB

Download
memory/1304-5-0x0000000000090000-0x0000000000091000-memory.dmp

Filesize
4KB

Download
memory/1304-6-0x00000000000F0000-0x0000000000A95000-memory.dmp

Filesize
9.6MB

Download
memory/1304-7-0x0000000077D70000-0x0000000077D71000-memory.dmp

Filesize
4KB

Download
memory/1304-10-0x00000000000F0000-0x0000000000A95000-memory.dmp

Filesize
9.6MB

Download