Overview

overview

10

Static

static

1

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/03/2024, 21:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tmp.exe

  • Size

    6.4MB

  • MD5

    8832a526a5d248f89a69fea69634bf37

  • SHA1

    a7bff94cd795760f0ef820cc86dd06f3017a5952

  • SHA256

    32a28c30c4a2bb265ea5f24609da950fb66613677b747083c590104649db77cd

  • SHA512

    49548b11c8fb08e6994117a5635ae35627463c62b284a05cad9a52bffa5b2394ad2a3d66cb21b27ed616b79eed8b8371669ab7c70f0a8873a814698e1408d546

  • SSDEEP

    98304:2LZ8w0/nnd5JJVSZ7x9yYz1di3wvuJE8z4A6r+d8fgC+o504hwgH4AmRRGw:2LZOhbSsQy3wGW8z4A6KdRto5PlY3v

Score
10/10
riseprostealer

Malware Config

Extracted

Family

risepro

C2

147.45.47.116:50500

Signatures

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro
  • Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tmp.exe
    "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1620-0-0x0000000000C80000-0x0000000001961000-memory.dmp

    Filesize

    12.9MB

    Download

  • memory/1620-7-0x0000000003A80000-0x0000000003A81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1620-6-0x0000000003970000-0x0000000003971000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1620-9-0x0000000000C80000-0x0000000001961000-memory.dmp

    Filesize

    12.9MB

    Download

  • memory/1620-8-0x0000000003AB0000-0x0000000003AB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1620-10-0x0000000003AC0000-0x0000000003AC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1620-12-0x0000000003AE0000-0x0000000003AE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1620-11-0x0000000003AD0000-0x0000000003AD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1620-15-0x0000000000C80000-0x0000000001961000-memory.dmp

    Filesize

    12.9MB

    Download