Analysis

  • max time kernel
    146s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/04/2024, 05:08

General

  • Target

    4712-2-0x00000000008A0000-0x000000000103E000-memory.exe

  • Size

    7.6MB

  • MD5

    ca0c5da0573c00be6ce3cac25cf0d6d5

  • SHA1

    f2f71b012a69f447e59529ba637be61ec0c15c28

  • SHA256

    db652736f59339bc3e46225af2d64a4c0e019444262cfa870f58875f2030b5df

  • SHA512

    dfc3643041c06e5ddb953d2b67e96469957fd011487d0e2cc9e83a86dcdb5eafea31cb4dc0ca7d5886237ff39cc25f831e3b72d63541e18eaf6113ffe60a2f60

  • SSDEEP

    98304:XFsM7fhuW6EsVzMyC5h6TkXde4IJHwnVzrTB8maD0huGb1rvKvqmHCZkH4wkjMwX:VzfhuFzMcSNTB8Pwoa9v4ji+YnpLrJ1

Score
10/10

Malware Config

Signatures

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

  • Themida packer (1 IoC)

    Detects Themida, an advanced Windows software protection system.

  • Program crash (1 IoC)

    The submitted executable (PID 4068) crashed during the run; WerFault.exe was launched to handle it (see Processes below).

Processes

  • C:\Users\Admin\AppData\Local\Temp\4712-2-0x00000000008A0000-0x000000000103E000-memory.exe
    "C:\Users\Admin\AppData\Local\Temp\4712-2-0x00000000008A0000-0x000000000103E000-memory.exe"
    PID:4068
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
        Program crash
        PID:4764
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4068 -ip 4068
    PID:4060

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4068-0-0x0000000000370000-0x0000000000B0E000-memory.dmp

    Filesize
    7.6MB
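The target file name follows the same PID-INDEX-0xSTART-0xEND-memory pattern as the dump listed under Downloads, i.e. it is a memory region (PID 4712, 0x8A0000-0x103E000) rather than a file taken from disk, and the dump this run produced (PID 4068, 0x370000-0xB0E000) covers exactly the same number of bytes: 0x79E000 = 7,987,200, the 7.6 MB reported for both. The following is an added example, not part of the report or of any sandbox vendor's tooling: it parses that naming convention, checks that the two regions are the same size and that the dump's PID is the crashed process, and verifies a local copy against the reported MD5/SHA-1/SHA-256/SHA-512 before its IOCs are trusted. The region bounds, PIDs and hash values are copied from the report; SAMPLE_BYTES is a constructed stand-in, not the real sample, and SSDEEP is omitted because it needs the external ssdeep package.

```python
"""Consistency checks on the memory-dump names and hashes in a sandbox report.

Added example, not part of the report or of any sandbox vendor's code. It
assumes the dump naming convention visible in the report,
PID-INDEX-0xSTART-0xEND-memory.exe (or .dmp), where START and END are the
mapped address range. Region bounds, PIDs and hash values are copied from
the report; SAMPLE_BYTES is a constructed stand-in, not the real sample.
"""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass

# Dump names exactly as they appear in the report (target and downloaded dump).
TARGET_NAME = "4712-2-0x00000000008A0000-0x000000000103E000-memory.exe"
DUMP_NAME = "4068-0-0x0000000000370000-0x0000000000B0E000-memory.dmp"

# Hashes the report lists for the target file.
REPORTED_HASHES = {
    "md5": "ca0c5da0573c00be6ce3cac25cf0d6d5",
    "sha1": "f2f71b012a69f447e59529ba637be61ec0c15c28",
    "sha256": "db652736f59339bc3e46225af2d64a4c0e019444262cfa870f58875f2030b5df",
    "sha512": "dfc3643041c06e5ddb953d2b67e96469957fd011487d0e2cc9e83a86dcdb5eaf"
              "ea31cb4dc0ca7d5886237ff39cc25f831e3b72d63541e18eaf6113ffe60a2f60",
}

DUMP_NAME_RE = re.compile(
    r"^(?P<pid>\d+)-(?P<index>\d+)-0x(?P<start>[0-9a-fA-F]+)-0x(?P<end>[0-9a-fA-F]+)"
    r"-memory\.(?P<ext>exe|dmp)$"
)


@dataclass(frozen=True)
class MemoryRegion:
    pid: int    # PID of the process the region was dumped from
    index: int  # dump sequence number within that process
    start: int  # mapped start address
    end: int    # mapped end address (exclusive)

    @property
    def size(self) -> int:
        return self.end - self.start

    @property
    def size_mib(self) -> float:
        return self.size / (1024 * 1024)


def parse_dump_name(name: str) -> MemoryRegion:
    """Parse PID-INDEX-0xSTART-0xEND-memory.{exe,dmp} into a MemoryRegion."""
    m = DUMP_NAME_RE.match(name)
    if m is None:
        raise ValueError(f"not a sandbox memory-dump name: {name!r}")
    region = MemoryRegion(int(m["pid"]), int(m["index"]),
                          int(m["start"], 16), int(m["end"], 16))
    if region.size <= 0:
        raise ValueError(f"empty or inverted address range in {name!r}")
    return region


def same_region_size(a: str, b: str) -> bool:
    """True when two dumps span the same number of bytes (same image, different base)."""
    return parse_dump_name(a).size == parse_dump_name(b).size


def file_hashes(data: bytes) -> dict[str, str]:
    """MD5/SHA-1/SHA-256/SHA-512 of data, keyed like the report."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def verify_hashes(data: bytes, expected: dict[str, str]) -> dict[str, bool]:
    """Per-algorithm match of a local copy against the reported hashes."""
    actual = file_hashes(data)
    return {alg: actual[alg] == value.lower() for alg, value in expected.items()}


# Constructed stand-in; the real 7.6 MB sample is not reproduced here.
SAMPLE_BYTES = b"MZ" + b"\x00" * 62 + b"constructed stand-in, not the sample"

if __name__ == "__main__":
    target = parse_dump_name(TARGET_NAME)
    dump = parse_dump_name(DUMP_NAME)
    print(f"target: pid={target.pid} size=0x{target.size:X} ({target.size_mib:.1f} MiB)")
    print(f"dump:   pid={dump.pid} size=0x{dump.size:X} ({dump.size_mib:.1f} MiB)")
    print("same region size:", same_region_size(TARGET_NAME, DUMP_NAME))
    print("stand-in matches report:", verify_hashes(SAMPLE_BYTES, REPORTED_HASHES))
```

Run against a real local copy, replace SAMPLE_BYTES with the file's contents; every value in verify_hashes must be True before the hashes above are used as indicators, since a dumped region re-dumped at another base (as the two equal sizes here suggest) will hash differently from the original on-disk binary.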