Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/03/2024, 09:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e9fef686b79cd1483d0ab0980c78cc21fd992be46b3b629acef854954baae015.exe

  • Size

    3.0MB

  • MD5

    a11e990781115197f465bd2b9fbbdf9b

  • SHA1

    2db26989be0bdc9624fad661a944f0b902f7275b

  • SHA256

    e9fef686b79cd1483d0ab0980c78cc21fd992be46b3b629acef854954baae015

  • SHA512

    86dfed2496118f72581e6a8f0cccd9ab68a2ab2d78ed0a9af4750d7627e0227416b0ab5fdbb981b9163f7f4f3e16354b3bd55cca4c2120122f9c26fd70d1e674

  • SSDEEP

    49152:OoVwjJy0xDBZxpwcpLYt9BLl0Kvv7ve0zXUASatN:OoVwQsDBrpwcpYt9F9Rb3D

Score
10/10
riseproevasionstealer

Malware Config

Signatures

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\e9fef686b79cd1483d0ab0980c78cc21fd992be46b3b629acef854954baae015.exe
    "C:\Users\Admin\AppData\Local\Temp\e9fef686b79cd1483d0ab0980c78cc21fd992be46b3b629acef854954baae015.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    PID:1400

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1400-0-0x0000000000C60000-0x0000000001007000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/1400-1-0x0000000000C60000-0x0000000001007000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/1400-2-0x0000000000C60000-0x0000000001007000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/1400-3-0x0000000000C60000-0x0000000001007000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/1400-4-0x0000000000C60000-0x0000000001007000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/1400-5-0x0000000000C60000-0x0000000001007000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/1400-6-0x0000000000C60000-0x0000000001007000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/1400-7-0x0000000000C60000-0x0000000001007000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/1400-8-0x0000000000C60000-0x0000000001007000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/1400-9-0x0000000000C60000-0x0000000001007000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/1400-10-0x0000000000C60000-0x0000000001007000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/1400-11-0x0000000000C60000-0x0000000001007000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/1400-12-0x0000000000C60000-0x0000000001007000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/1400-13-0x0000000000C60000-0x0000000001007000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/1400-14-0x0000000000C60000-0x0000000001007000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/1400-15-0x0000000000C60000-0x0000000001007000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/1400-16-0x0000000000C60000-0x0000000001007000-memory.dmp

    Filesize

    3.7MB

    Download