risepro | f00960758e817161a35d897afdaffe12ece240e16b5315d0d9aaf7c63e7fd619

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-03-2024 22:29

Target

file.exe
Size

2.3MB
MD5

9c32d6bfff2dc20914a7f67c4b3dab5c
SHA1

64e0ac3ed536b7401dbb4eb2ef389f5d26e8d12e
SHA256

f00960758e817161a35d897afdaffe12ece240e16b5315d0d9aaf7c63e7fd619
SHA512

0109a5eb932f80649c679e6e86cd26299f89ce1a36fd52093385bb1b4e5b399351ca9b437a56c9213a6be37cce8909916c47f3d418d84c5f730e574c4717ce66
SSDEEP

49152:6UENWo8koI3hM1FI9LaMAcPmu6/XnZd5e9TXu35YOUoVE2l/nh2JqG:588GRM1FI9La1c+LvZ0TXoUJu/s

Score

10^/10

risepro stealer

RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
stealer risepro

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2216 set thread context of 2056	2216	file.exe	29

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2056	2216	file.exe	29
PID 2216 wrote to memory of 2056	2216	file.exe	29
PID 2216 wrote to memory of 2056	2216	file.exe	29
PID 2216 wrote to memory of 2056	2216	file.exe	29
PID 2216 wrote to memory of 2056	2216	file.exe	29
PID 2216 wrote to memory of 2056	2216	file.exe	29
PID 2216 wrote to memory of 2056	2216	file.exe	29
PID 2216 wrote to memory of 2056	2216	file.exe	29
PID 2216 wrote to memory of 2056	2216	file.exe	29
PID 2216 wrote to memory of 2056	2216	file.exe	29
PID 2216 wrote to memory of 2056	2216	file.exe	29
PID 2216 wrote to memory of 2056	2216	file.exe	29

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:2056

memory/2056-8-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2056-4-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2056-5-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2056-6-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2056-9-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2056-11-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2056-15-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2056-17-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2056-21-0x0000000000400000-0x0000000000846000-memory.dmp

Filesize
4.3MB

Download
memory/2216-1-0x0000000074330000-0x0000000074A1E000-memory.dmp

Filesize
6.9MB

Download
memory/2216-7-0x0000000002360000-0x0000000004360000-memory.dmp

Filesize
32.0MB

Download
memory/2216-0-0x00000000008A0000-0x0000000000AFA000-memory.dmp

Filesize
2.4MB

Download
memory/2216-14-0x0000000074330000-0x0000000074A1E000-memory.dmp

Filesize
6.9MB

Download