risepro | f906a2852b074687e98dc4da98b46d4a87c0fb726d2ac18b43d1fa7b5bcb4b7a

Analysis

max time kernel
142s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18-02-2024 04:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea956420a8461b1aea880e09f5a85ae28cf70373f9e2e87a7304413f8be0ac8b.exe
Size

900KB
MD5

f8ad51561a618f29fdb37b7f17ca6fe0
SHA1

a845a35bef35d6ceb479aafcff732fccc1e1ac55
SHA256

ea956420a8461b1aea880e09f5a85ae28cf70373f9e2e87a7304413f8be0ac8b
SHA512

2d0b211167e316ab758f9517ae9b5e7055367dc5b9501bb917dec5b3ad310a8dc4173e80cd0d22dc9dda8a23c3091d71c5c46d7f6a72dc475b37c08328e69918
SSDEEP

24576:4hTQu9uJOw4GT7KbykaOjbmZF1viYhitYAJo:4BQukH48eWO0ItYEo

Score

10^/10

risepro stealer

Malware Config

Extracted

Family

risepro

193.233.132.62

Signatures

RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
stealer risepro

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
3056	ea956420a8461b1aea880e09f5a85ae28cf70373f9e2e87a7304413f8be0ac8b.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3056	ea956420a8461b1aea880e09f5a85ae28cf70373f9e2e87a7304413f8be0ac8b.exe

C:\Users\Admin\AppData\Local\Temp\ea956420a8461b1aea880e09f5a85ae28cf70373f9e2e87a7304413f8be0ac8b.exe
"C:\Users\Admin\AppData\Local\Temp\ea956420a8461b1aea880e09f5a85ae28cf70373f9e2e87a7304413f8be0ac8b.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:3056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3056-0-0x0000000000400000-0x0000000000574000-memory.dmp

Filesize
1.5MB

Download
memory/3056-1-0x0000000000230000-0x000000000027B000-memory.dmp

Filesize
300KB

Download
memory/3056-3-0x0000000000400000-0x0000000000574000-memory.dmp

Filesize
1.5MB

Download
memory/3056-5-0x0000000000400000-0x0000000000574000-memory.dmp

Filesize
1.5MB

Download
memory/3056-6-0x0000000000400000-0x0000000000574000-memory.dmp

Filesize
1.5MB

Download
memory/3056-7-0x0000000000230000-0x000000000027B000-memory.dmp

Filesize
300KB

Download
memory/3056-8-0x00000000003D0000-0x00000000003D2000-memory.dmp

Filesize
8KB

Download
memory/3056-9-0x0000000000400000-0x0000000000574000-memory.dmp

Filesize
1.5MB

Download
memory/3056-10-0x00000000003F0000-0x00000000003F2000-memory.dmp

Filesize
8KB

Download
memory/3056-11-0x0000000000400000-0x0000000000574000-memory.dmp

Filesize
1.5MB

Download
memory/3056-12-0x0000000000230000-0x000000000027B000-memory.dmp

Filesize
300KB

Download
memory/3056-13-0x0000000000400000-0x0000000000574000-memory.dmp

Filesize
1.5MB

Download
memory/3056-14-0x0000000000400000-0x0000000000574000-memory.dmp

Filesize
1.5MB

Download
memory/3056-15-0x0000000000400000-0x0000000000574000-memory.dmp

Filesize
1.5MB

Download
memory/3056-16-0x0000000000400000-0x0000000000574000-memory.dmp

Filesize
1.5MB

Download
memory/3056-17-0x0000000000400000-0x0000000000574000-memory.dmp

Filesize
1.5MB

Download
memory/3056-18-0x0000000000400000-0x0000000000574000-memory.dmp

Filesize
1.5MB

Download
memory/3056-19-0x0000000000400000-0x0000000000574000-memory.dmp

Filesize
1.5MB

Download
memory/3056-22-0x0000000000400000-0x0000000000574000-memory.dmp

Filesize
1.5MB

Download
memory/3056-23-0x0000000000400000-0x0000000000574000-memory.dmp

Filesize
1.5MB

Download
memory/3056-24-0x0000000000400000-0x0000000000574000-memory.dmp

Filesize
1.5MB

Download
memory/3056-25-0x0000000000400000-0x0000000000574000-memory.dmp

Filesize
1.5MB

Download
memory/3056-26-0x0000000000400000-0x0000000000574000-memory.dmp

Filesize
1.5MB

Download
memory/3056-28-0x0000000000400000-0x0000000000574000-memory.dmp

Filesize
1.5MB

Download