Analysis
- max time kernel: 149s
- max time network: 119s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15/04/2024, 01:03
Static task
- static1: 1 signatures
Behavioral task
- behavioral1
- Sample: 205524412abf2bbaeb37cdb73e6f70e59e74fdaa45f2eb68653a78c0f1098fb5.exe
- Resource: win7-20231129-en
- 1 signatures
- 150 seconds
General
- Target: 205524412abf2bbaeb37cdb73e6f70e59e74fdaa45f2eb68653a78c0f1098fb5.exe
- Size: 929KB
- MD5: 8d9e2f348dc4b8555dc5ea3bb8bf1954
- SHA1: 9c528b6c8ed3e2f3326e447bd7e9942a34dd91c0
- SHA256: 205524412abf2bbaeb37cdb73e6f70e59e74fdaa45f2eb68653a78c0f1098fb5
- SHA512: 55fc50277541f89c4495cb073bd6ed74426e24872f7c60ff548e4e5c7a72d739b24310ab9ff6c5b7ade299680843eb94f6616d1ce2198e679299cdd34b3b0b61
- SSDEEP: 24576:F8kfI124AESnFkuFCWpT71nsL7KFtfyxQnxiW:Fhg12lFxgW7ns2U4
Malware Config
Extracted
- Family: risepro
- C2: 147.45.47.93:58709
Signatures
Processes
- C:\Users\Admin\AppData\Local\Temp\205524412abf2bbaeb37cdb73e6f70e59e74fdaa45f2eb68653a78c0f1098fb5.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\205524412abf2bbaeb37cdb73e6f70e59e74fdaa45f2eb68653a78c0f1098fb5.exe"
  PID: 1604
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 588
    Program crash
    PID: 4428
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1604 -ip 1604
  PID: 3176