Analysis
-
max time kernel
10s -
max time network
11s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
04-04-2024 09:02
General
-
Target
qwcEjrHU5nu3zB9LKmGVuRne.exe
-
Size
822KB
-
MD5
f29bb9918f3803046c2bab24c20b458d
-
SHA1
c162f42333a6a7ef23ea9fc17e470daece374b6c
-
SHA256
b84760ded0544c86d23849130082b99c3000b1e4ca5da0690fcdfbf2771b7993
-
SHA512
e9f27f3be82a4b32ad155067b5e7c8652ec2031321eec64574152f2ddb01ff20dc9f44ee75ff7c363b103e3d8a7952c013416f360527e969963a11dea023a164
-
SSDEEP
24576:OYHymN8tZiUqGvCBSYcjOaTKsB5Oih4un0:OYRNyZiUqwCgYWHhn
Score
10/10
Malware Config
Signatures
-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\qwcEjrHU5nu3zB9LKmGVuRne.exe"C:\Users\Admin\AppData\Local\Temp\qwcEjrHU5nu3zB9LKmGVuRne.exe"1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST2⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /f /RU "Admin" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST2⤵
- Creates scheduled task(s)
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
684KB
-
Filesize
684KB
-
Filesize
1.3MB
-
Filesize
40.0MB