Analysis

  • max time kernel
    162s
  • max time network
    153s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    03/04/2024, 18:50

General

  • Target

    2e537b9cdb3a88e3af4fdd84eff43e83e52a425677cead17be4c133c37f9632c.exe

  • Size

    3.0MB

  • MD5

    7fb73bf9ec519f78cdc0acbb3f3f1bb7

  • SHA1

    4690395ed43c5a8b9580746929466f249ef7d84b

  • SHA256

    2e537b9cdb3a88e3af4fdd84eff43e83e52a425677cead17be4c133c37f9632c

  • SHA512

    8ad884529b105754375e72b13e24b51afab6a719b42cdbffab14f81bac513ef2f9ff1af96c7147dfd7bcec22bc661243022070c1e3bc8955e0d32a46d8f6ca49

  • SSDEEP

    49152:amUl5eHtY9C/YxaLRVH66idcKYlz/ynJFMS:amAk4aLRF669KYlz/0M

Score
10/10

Malware Config

Signatures

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS vendor and version strings are often read from the registry to detect virtualised or sandboxed environments, since hypervisors expose their own identifiers there.

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
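All three anti-analysis signatures above come down to registry reads. The following PowerShell script is an added example, not code from the report or from the sample: it enumerates the registry locations that anti-VM code of this kind commonly inspects, so a sandbox operator can check whether an analysis image exposes those artifacts. The key paths and marker strings are the usual candidates from public anti-VM checklists and are an assumption here; the report does not list the exact values this sample queried.

```powershell
# Added example: enumerate the registry artifacts anti-VM / anti-sandbox code
# commonly reads. Key paths and marker strings are the usual candidates from
# public anti-VM checklists (an assumption); the report does not list the exact
# values this sample queried. Run as a normal user inside the analysis VM.

$findings = [System.Collections.Generic.List[string]]::new()

function Test-AcpiTables {
    # VirtualBox-built ACPI tables carry the OEM id "VBOX__" as a subkey name
    # under HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}; other hypervisors use their own ids.
    foreach ($table in 'DSDT', 'FADT', 'RSDT') {
        $path = "HKLM:\HARDWARE\ACPI\$table"
        if (-not (Test-Path $path)) { continue }
        Get-ChildItem -Path $path -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -match 'VBOX|VMWARE|VRTUAL|QEMU|BOCHS' } |
            ForEach-Object { $findings.Add("ACPI $table OEM id: $($_.PSChildName)") }
    }
}

function Test-BiosStrings {
    # SystemBiosVersion / VideoBiosVersion are REG_MULTI_SZ values under
    # HKLM\HARDWARE\DESCRIPTION\System; manufacturer and product live one level down.
    $sys  = Get-ItemProperty 'HKLM:\HARDWARE\DESCRIPTION\System'      -ErrorAction SilentlyContinue
    $bios = Get-ItemProperty 'HKLM:\HARDWARE\DESCRIPTION\System\BIOS' -ErrorAction SilentlyContinue
    $candidates = @{
        'SystemBiosVersion'  = ($sys.SystemBiosVersion -join ' ')
        'VideoBiosVersion'   = ($sys.VideoBiosVersion -join ' ')
        'SystemManufacturer' = $bios.SystemManufacturer
        'SystemProductName'  = $bios.SystemProductName
        'BIOSVendor'         = $bios.BIOSVendor
    }
    foreach ($kv in $candidates.GetEnumerator()) {
        if ($kv.Value -and $kv.Value -match 'VBOX|VirtualBox|innotek|VMware|QEMU|Bochs|Virtual Machine|Xen') {
            $findings.Add("BIOS $($kv.Key) = $($kv.Value)")
        }
    }
}

function Test-WineKeys {
    # Wine creates a Software\Wine key that does not exist on a real Windows install.
    foreach ($path in 'HKCU:\Software\Wine', 'HKLM:\Software\Wine') {
        if (Test-Path $path) { $findings.Add("Wine marker present: $path") }
    }
}

Test-AcpiTables
Test-BiosStrings
Test-WineKeys

if ($findings.Count -eq 0) {
    Write-Output 'No virtualisation/sandbox markers found in the checked registry locations.'
} else {
    Write-Output 'Markers visible to anti-VM code:'
    $findings | ForEach-Object { Write-Output "  $_" }
}
```

Every location the script reads is world-readable, which is why a sample needs no privilege to perform these checks; an image that reports no markers here is not necessarily stealthy (CPUID, timing and driver checks are separate), but one that does report them will be fingerprinted by this family of checks.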

Processes

  • C:\Users\Admin\AppData\Local\Temp\2e537b9cdb3a88e3af4fdd84eff43e83e52a425677cead17be4c133c37f9632c.exe
    "C:\Users\Admin\AppData\Local\Temp\2e537b9cdb3a88e3af4fdd84eff43e83e52a425677cead17be4c133c37f9632c.exe"
    PID: 4568
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • memory/4568-0-0x0000000000680000-0x0000000000A35000-memory.dmp (Filesize 3.7MB)
        • memory/4568-1-0x0000000000680000-0x0000000000A35000-memory.dmp (Filesize 3.7MB)
        • memory/4568-2-0x0000000000680000-0x0000000000A35000-memory.dmp (Filesize 3.7MB)
        • memory/4568-3-0x0000000000680000-0x0000000000A35000-memory.dmp (Filesize 3.7MB)
        • memory/4568-4-0x0000000000680000-0x0000000000A35000-memory.dmp (Filesize 3.7MB)
        • memory/4568-5-0x0000000000680000-0x0000000000A35000-memory.dmp (Filesize 3.7MB)
        • memory/4568-6-0x0000000000680000-0x0000000000A35000-memory.dmp (Filesize 3.7MB)
        • memory/4568-7-0x0000000000680000-0x0000000000A35000-memory.dmp (Filesize 3.7MB)
        • memory/4568-8-0x0000000000680000-0x0000000000A35000-memory.dmp (Filesize 3.7MB)
        • memory/4568-9-0x0000000000680000-0x0000000000A35000-memory.dmp (Filesize 3.7MB)
        • memory/4568-10-0x0000000000680000-0x0000000000A35000-memory.dmp (Filesize 3.7MB)
        • memory/4568-11-0x0000000000680000-0x0000000000A35000-memory.dmp (Filesize 3.7MB)
        • memory/4568-12-0x0000000000680000-0x0000000000A35000-memory.dmp (Filesize 3.7MB)
        • memory/4568-13-0x0000000000680000-0x0000000000A35000-memory.dmp (Filesize 3.7MB)
        • memory/4568-14-0x0000000000680000-0x0000000000A35000-memory.dmp (Filesize 3.7MB)
        • memory/4568-15-0x0000000000680000-0x0000000000A35000-memory.dmp (Filesize 3.7MB)
        • memory/4568-16-0x0000000000680000-0x0000000000A35000-memory.dmp (Filesize 3.7MB)