Overview

overview

10

Static

static

3

file.exe

windows10-2004-x64

10

Resubmissions

14-03-2024 08:29

240314-kdjy1aeh6z 10

05-02-2024 10:15

240205-l984faddb4 10

Analysis

  • max time kernel
    10s
  • max time network
    48s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-03-2024 08:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    5.6MB

  • MD5

    d08e21ef739bcb9d74508790a6e6238f

  • SHA1

    74576503141f26edab05ce2da89b66cb3bcf293b

  • SHA256

    42c24e5ea82db961c718b4ec041202f85de3cdf6d35dd99d83a753f9a175945d

  • SHA512

    6ea1cd13b0bda1b69d0af26f073e2eb1eb2722b83a39c4b53148528fb88e09133ef7d095dc6617c5571e4a5248e0162f68afe13a4b1daa522797912a69b5dbee

  • SSDEEP

    98304:eImo/NRpwP2DkKA+Ga5q73V41AmcR1Miq465iU7Fem+KOd8PbXLgKiOvG6ZB6Q3H:Xm0Rouq61i1U5Um+J+jkjEG6Zw

Score
10/10
privateloaderriseproloaderstealer

Malware Config

Extracted

Family

privateloader

C2

45.15.156.229

195.20.16.45

77.105.147.130

Signatures

  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    loaderprivateloader
  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro
  • Drops file in System32 directory 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    PID:4424
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
    1⤵
      PID:4068
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
      1⤵
        PID:4312

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4424-0-0x00000000001D0000-0x0000000000BBC000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/4424-1-0x0000000002D00000-0x0000000002D01000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4424-2-0x0000000002D10000-0x0000000002D11000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4424-3-0x0000000002D30000-0x0000000002D31000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4424-4-0x0000000002D60000-0x0000000002D61000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4424-5-0x0000000002D70000-0x0000000002D71000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4424-6-0x0000000002D80000-0x0000000002D81000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4424-7-0x0000000002D90000-0x0000000002D91000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4424-8-0x00000000001D0000-0x0000000000BBC000-memory.dmp

        Filesize

        9.9MB

        Download