risepro | 7a0400eae92d64ff610f45f9940a88ef29935fa62e7b907b21fcd9a9ac1e9be9 | Triage

Analysis

max time kernel
143s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01-02-2024 08:54

Sharing

Report Analysis Logs

General

Target

file.exe
Size

5.3MB
MD5

72d60d1757a653edc971426a27ab8507
SHA1

21ec40e6cc6d1edf5f502f3cb020e87d027a7279
SHA256

7a0400eae92d64ff610f45f9940a88ef29935fa62e7b907b21fcd9a9ac1e9be9
SHA512

1f45e770538696e2f472f92b25dca5545121404a74f80ec8366645d14851969a4d6d649d6d6be8ffe4495294d60e2606b40f2de8478a3a6e5a322e1159d76933
SSDEEP

98304:DsbQJClCuSW8VZpi4AJLpnG4wpwR3x4ycFygfdTrCrHmVJrPUyAUgAh4kM1p:4bQMa9Hi4EnNw+0P17UyAOh+1p

Score

10^/10

risepro stealer

Malware Config

Extracted

Family

risepro

C2

193.233.132.67:50500

Signatures

RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
stealer risepro

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3872	file.exe
3872	file.exe

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3872-0-0x0000000003670000-0x0000000003671000-memory.dmp

Filesize
4KB

Download
memory/3872-1-0x0000000000C20000-0x00000000015C5000-memory.dmp

Filesize
9.6MB

Download
memory/3872-2-0x0000000000C20000-0x00000000015C5000-memory.dmp

Filesize
9.6MB

Download
memory/3872-5-0x0000000000C20000-0x00000000015C5000-memory.dmp

Filesize
9.6MB

Download