Overview

overview

10

Static

static

3

254005323a...7b.exe

windows7-x64

10

254005323a...7b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08-03-2024 08:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    254005323ac6e401bddf283e17a6cb7b.exe

  • Size

    2.9MB

  • MD5

    254005323ac6e401bddf283e17a6cb7b

  • SHA1

    2f6aee45f508fa5c96682e8a93f9201f8611bb25

  • SHA256

    e8cbafcf196bb80ccb2249e8f6a18c02d8d67926a298165592c4ec742851749f

  • SHA512

    21fa26a1a2df2d43661eca7fb854d8afd98d318da6433d157190a0bc2ee79490e5c249855017eef36bcce857882c3ae96fcd24eab0ae8209663703e9ed56c666

  • SSDEEP

    49152:zHR5sQ4fSAn8bmnf7N1GkIkDtjuk+PPDTT9XJhTgI/tOc/X1nsg9oZkozdFT:D2fSpbmnfIk3QPDTZXbkSCg9ElxF

Score
10/10
riseprostealer

Malware Config

Extracted

Family

risepro

C2

193.233.132.62

Signatures

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro
  • Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\254005323ac6e401bddf283e17a6cb7b.exe
    "C:\Users\Admin\AppData\Local\Temp\254005323ac6e401bddf283e17a6cb7b.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetWindowsHookEx
    PID:548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/548-0-0x00000000009D0000-0x00000000014CE000-memory.dmp
    Filesize

    11.0MB

    Download
  • memory/548-1-0x000000007EBD0000-0x000000007EFA1000-memory.dmp
    Filesize

    3.8MB

    Download
  • memory/548-2-0x0000000077070000-0x0000000077071000-memory.dmp
    Filesize

    4KB

    Download
  • memory/548-3-0x00000000009D0000-0x00000000014CE000-memory.dmp
    Filesize

    11.0MB

    Download
  • memory/548-4-0x00000000009D0000-0x00000000014CE000-memory.dmp
    Filesize

    11.0MB

    Download
  • memory/548-5-0x00000000009D0000-0x00000000014CE000-memory.dmp
    Filesize

    11.0MB

    Download
  • memory/548-6-0x000000007EBD0000-0x000000007EFA1000-memory.dmp
    Filesize

    3.8MB

    Download
  • memory/548-7-0x00000000009D0000-0x00000000014CE000-memory.dmp
    Filesize

    11.0MB

    Download
  • memory/548-8-0x00000000009D0000-0x00000000014CE000-memory.dmp
    Filesize

    11.0MB

    Download
  • memory/548-9-0x00000000009D0000-0x00000000014CE000-memory.dmp
    Filesize

    11.0MB

    Download
  • memory/548-10-0x00000000009D0000-0x00000000014CE000-memory.dmp
    Filesize

    11.0MB

    Download
  • memory/548-11-0x00000000009D0000-0x00000000014CE000-memory.dmp
    Filesize

    11.0MB

    Download
  • memory/548-12-0x00000000009D0000-0x00000000014CE000-memory.dmp
    Filesize

    11.0MB

    Download
  • memory/548-13-0x00000000009D0000-0x00000000014CE000-memory.dmp
    Filesize

    11.0MB

    Download
  • memory/548-14-0x00000000009D0000-0x00000000014CE000-memory.dmp
    Filesize

    11.0MB

    Download
  • memory/548-15-0x00000000009D0000-0x00000000014CE000-memory.dmp
    Filesize

    11.0MB

    Download
  • memory/548-16-0x00000000009D0000-0x00000000014CE000-memory.dmp
    Filesize

    11.0MB

    Download
  • memory/548-17-0x00000000009D0000-0x00000000014CE000-memory.dmp
    Filesize

    11.0MB

    Download
  • memory/548-18-0x00000000009D0000-0x00000000014CE000-memory.dmp
    Filesize

    11.0MB

    Download