Overview

overview

10

Static

static

1

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-02-2024 15:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    6.1MB

  • MD5

    3d1628fe327aa08882e3986943a8ac9f

  • SHA1

    1e3ab8cb86bac95394dc4ab2be3ba469703c2adf

  • SHA256

    d4dd0ad08042d331b371efc97ee1e489fcb10020eb5612ba6a351bb1893a35cc

  • SHA512

    7fedb1f41e66fc4ff2e1aac554981287ea0301e59804f72465a8ab2b7b2e00403cf973a250f76a21e4b4e33a474c3d57032cf2ea1f3e12e8528ac5d7de1257cf

  • SSDEEP

    98304:X3Ts8Wr4SLI5Vp85wnjciNTzlSsFXXOwPVy2ebChlFKZ8MoZnEQ2Ld7wboVmVE:XjPaLIuWjciJguXXtJ2CcuMWE3pfV7

Score
10/10
riseprostealer

Malware Config

Extracted

Family

risepro

C2

193.233.132.67:50500

Signatures

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:4824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4824-0-0x0000000000FA0000-0x0000000001C00000-memory.dmp

    Filesize

    12.4MB

    Download

  • memory/4824-7-0x0000000000FA0000-0x0000000001C00000-memory.dmp

    Filesize

    12.4MB

    Download

  • memory/4824-8-0x0000000000F90000-0x0000000000F91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4824-6-0x0000000000E30000-0x0000000000E31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4824-10-0x0000000001C70000-0x0000000001C71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4824-9-0x0000000001C60000-0x0000000001C61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4824-11-0x0000000001C80000-0x0000000001C81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4824-12-0x0000000003830000-0x0000000003831000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4824-13-0x0000000003840000-0x0000000003841000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4824-15-0x0000000003860000-0x0000000003861000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4824-16-0x0000000003870000-0x0000000003871000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4824-14-0x0000000003850000-0x0000000003851000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4824-17-0x0000000003880000-0x0000000003881000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4824-19-0x00000000038A0000-0x00000000038A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4824-18-0x0000000003890000-0x0000000003891000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4824-20-0x00000000038B0000-0x00000000038B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4824-21-0x00000000038C0000-0x00000000038C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4824-22-0x00000000038D0000-0x00000000038D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4824-23-0x00000000038E0000-0x00000000038E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4824-24-0x0000000003900000-0x0000000003901000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4824-25-0x0000000003910000-0x0000000003911000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4824-26-0x0000000000FA0000-0x0000000001C00000-memory.dmp

    Filesize

    12.4MB

    Download

  • memory/4824-28-0x0000000000FA0000-0x0000000001C00000-memory.dmp

    Filesize

    12.4MB

    Download