Analysis

  • max time kernel
    147s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/04/2024, 23:29

General

  • Target

    5130743dd04c43efb81098943f84ada6741b39a7afc7d7c57b3584aefe924c6c.exe

  • Size

    2.2MB

  • MD5

    282cae1839e998901001d6fb4c50fd38

  • SHA1

    3591b4d40fb82f71fc1a3656b734c06eb5ca62c9

  • SHA256

    5130743dd04c43efb81098943f84ada6741b39a7afc7d7c57b3584aefe924c6c

  • SHA512

    15434d609f82e2ac7fe178abb9ea8e4b0c24962959aa29788a109aded9b11a727e6ef3782e944d270b425380c127532b0745086c0118dc86c6889598d4a24b2d

  • SSDEEP

    49152:lSUl6vD5DxN6HHLJ9tkL3JoePxgzuKkyOr9cvBnyWJ9Scx:lSSwD5DxkijJHPCz9OriyWW

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Signatures

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) (2 TTPs, 1 IoC)
  • Checks BIOS information in registry (2 TTPs, 2 IoCs)

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys (2 TTPs, 1 IoC)

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

  • Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\5130743dd04c43efb81098943f84ada6741b39a7afc7d7c57b3584aefe924c6c.exe
    "C:\Users\Admin\AppData\Local\Temp\5130743dd04c43efb81098943f84ada6741b39a7afc7d7c57b3584aefe924c6c.exe"
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:916

Network

MITRE ATT&CK Enterprise v15

Downloads

  File                                                            Filesize
  memory/916-0-0x00000000003A0000-0x0000000000929000-memory.dmp   5.5MB
  memory/916-1-0x0000000077364000-0x0000000077366000-memory.dmp   8KB
  memory/916-3-0x0000000004A70000-0x0000000004A71000-memory.dmp   4KB
  memory/916-2-0x0000000004AA0000-0x0000000004AA1000-memory.dmp   4KB
  memory/916-4-0x0000000004AE0000-0x0000000004AE1000-memory.dmp   4KB
  memory/916-5-0x0000000004A60000-0x0000000004A61000-memory.dmp   4KB
  memory/916-6-0x0000000004A50000-0x0000000004A51000-memory.dmp   4KB
  memory/916-8-0x0000000004AB0000-0x0000000004AB1000-memory.dmp   4KB
  memory/916-7-0x0000000004AC0000-0x0000000004AC1000-memory.dmp   4KB
  memory/916-9-0x0000000004B00000-0x0000000004B01000-memory.dmp   4KB
  memory/916-10-0x0000000004AF0000-0x0000000004AF1000-memory.dmp  4KB
  memory/916-11-0x0000000004A90000-0x0000000004A91000-memory.dmp  4KB
  memory/916-12-0x0000000004AD0000-0x0000000004AD1000-memory.dmp  4KB
  memory/916-13-0x0000000004A40000-0x0000000004A41000-memory.dmp  4KB
  memory/916-14-0x0000000004B20000-0x0000000004B22000-memory.dmp  8KB
  memory/916-15-0x00000000003A0000-0x0000000000929000-memory.dmp  5.5MB
  memory/916-16-0x00000000003A0000-0x0000000000929000-memory.dmp  5.5MB
  memory/916-17-0x00000000003A0000-0x0000000000929000-memory.dmp  5.5MB
  memory/916-18-0x00000000003A0000-0x0000000000929000-memory.dmp  5.5MB
  memory/916-19-0x00000000003A0000-0x0000000000929000-memory.dmp  5.5MB
  memory/916-20-0x00000000003A0000-0x0000000000929000-memory.dmp  5.5MB
  memory/916-21-0x00000000003A0000-0x0000000000929000-memory.dmp  5.5MB
  memory/916-22-0x00000000003A0000-0x0000000000929000-memory.dmp  5.5MB
  memory/916-23-0x00000000003A0000-0x0000000000929000-memory.dmp  5.5MB
  memory/916-24-0x00000000003A0000-0x0000000000929000-memory.dmp  5.5MB
  memory/916-25-0x00000000003A0000-0x0000000000929000-memory.dmp  5.5MB
  memory/916-26-0x00000000003A0000-0x0000000000929000-memory.dmp  5.5MB
  memory/916-27-0x00000000003A0000-0x0000000000929000-memory.dmp  5.5MB
  memory/916-28-0x00000000003A0000-0x0000000000929000-memory.dmp  5.5MB
  memory/916-29-0x00000000003A0000-0x0000000000929000-memory.dmp  5.5MB