Analysis

  • max time kernel
    93s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/04/2024, 09:12

General

  • Target

    3124-2-0x0000000000410000-0x0000000000BAB000-memory.exe

  • Size

    7.6MB

  • MD5

    f294faf820c17fe282f184a3eb156b9a

  • SHA1

    bc0af578de5f4a85a3c25c79a4a45f8f03d179eb

  • SHA256

    0b79f4f97fa52bac4764767a7a1087e5f3695fd6cd12d7c0ad36c5a2059c3640

  • SHA512

    d3096b73ca3be78964e127ea19c464e9d617775e9b3b0f7d592896740b866196c301803de1cbf50b962d84f48cb6f36b9a5ba9a9628fc88c3ce8a1bb5f91625e

  • SSDEEP

    196608:3zfhuFVN6ebj4n9EiRWxZaZuS7OvA+ye:du3REn9fsxfS7Ov

Score
10/10

Malware Config

Signatures

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

  • Themida packer 1 IoCs

    Detects Themida, an advanced Windows software protection system.

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3124-2-0x0000000000410000-0x0000000000BAB000-memory.exe
    "C:\Users\Admin\AppData\Local\Temp\3124-2-0x0000000000410000-0x0000000000BAB000-memory.exe"
    1⤵
      PID:1020
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 216
        2⤵
        • Program crash
        PID:4532
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1020 -ip 1020
      1⤵
        PID:4828

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1020-0-0x0000000000A00000-0x000000000119B000-memory.dmp

              Filesize

              7.6MB