Analysis
- max time kernel: 142s
- max time network: 131s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15/04/2024, 15:26
Static task
- static1
- 1 signature

Behavioral task
- behavioral1
- Sample: 38a7034aca87630f83ef74d24bc1b888db58a3beeba37c15f170b7f7954a36de.exe
- Resource: win10v2004-20240412-en
- 2 signatures
- 150 seconds
General
- Target: 38a7034aca87630f83ef74d24bc1b888db58a3beeba37c15f170b7f7954a36de.exe
- Size: 907KB
- MD5: b564ce416465d19db353b9f26f19404a
- SHA1: 3af588cb66b7df1ea1c4a762c39c451ac6cc12e7
- SHA256: 38a7034aca87630f83ef74d24bc1b888db58a3beeba37c15f170b7f7954a36de
- SHA512: bb500ef03b9937d3230ba737e77998bfaa81053df51eef7f6e2e639cf076c497836a4338ee1a04053e5e45b74630ba73d3f79db2c53c2c3c4d3f7502723eacda
- SSDEEP: 24576:STemar0O7EVO1GVB6r/fH0Zafo03vk4XwqE6TO:8SomGunH3g0384C6q
Malware Config
Extracted
- Family: risepro
- C2: 147.45.47.93:58709
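The report gives two kinds of indicators a responder can act on directly: the sample's file hashes (General section) and the RisePro C2 147.45.47.93:58709 from the extracted config. Note that the C2 comes from the configuration extractor, not from observed traffic: the process tree below shows the sample crashing under WerFault (-p 5116), so the behavioral run did not necessarily reach the beaconing stage. The script below is an added example, not part of the sandbox report; it turns those indicators into two checks, a four-hash comparison for a file and a scan of Zeek conn.log records for flows to the C2 host:port. The conn.log excerpt and the byte buffer fed to the hash check are constructed for the example; the Zeek field order assumed is the default conn.log layout. SSDEEP is left out because it needs a non-stdlib library.

```python
"""IoC checks built from the sandbox report (added example, not part of the report).

Report IoCs used: the four file hashes of the sample and the RisePro C2
147.45.47.93:58709 from the extracted config. The sample input (a byte
string and a few Zeek conn.log lines) is constructed here so it runs offline.
"""
import hashlib

# Hashes of the sample as listed in the report's General section.
REPORT_HASHES = {
    "md5": "b564ce416465d19db353b9f26f19404a",
    "sha1": "3af588cb66b7df1ea1c4a762c39c451ac6cc12e7",
    "sha256": "38a7034aca87630f83ef74d24bc1b888db58a3beeba37c15f170b7f7954a36de",
    "sha512": "bb500ef03b9937d3230ba737e77998bfaa81053df51eef7f6e2e639cf076c4978"
              "36a4338ee1a04053e5e45b74630ba73d3f79db2c53c2c3c4d3f7502723eacda",
}

# RisePro C2 from the report's Malware Config section.
C2_HOST = "147.45.47.93"
C2_PORT = 58709


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of data, keyed like REPORT_HASHES."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def matches_report(data: bytes) -> dict:
    """Compare every digest of data against the report; returns {algo: bool}.

    All four must agree for a real match. A partial match (e.g. only md5) means
    a transcription error in the report or a deliberate collision, not the sample.
    """
    computed = hash_bytes(data)
    return {algo: computed[algo] == REPORT_HASHES[algo] for algo in REPORT_HASHES}


def c2_hits(conn_log: str) -> list:
    """Scan tab-separated Zeek conn.log records for flows to the C2 host:port.

    Assumed field layout (Zeek default): ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto ...
    Header/comment lines starting with '#' are skipped. Returns (ts, orig_h, orig_p) per hit.
    """
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 6:
            continue
        if fields[4] == C2_HOST and fields[5] == str(C2_PORT):
            hits.append((fields[0], fields[2], fields[3]))
    return hits


# Constructed conn.log excerpt (not from the sandbox run): one flow to the C2,
# one benign flow, and one flow to the C2 host on a different port.
SAMPLE_CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\n"
    "1713194800.101\tCx1\t10.0.0.23\t49711\t147.45.47.93\t58709\ttcp\n"
    "1713194801.550\tCx2\t10.0.0.23\t49712\t13.107.42.16\t443\ttcp\n"
    "1713194802.004\tCx3\t10.0.0.41\t51020\t147.45.47.93\t443\ttcp\n"
)

if __name__ == "__main__":
    # Constructed buffer standing in for open(path, "rb").read() on a suspect file.
    print("hash match:", matches_report(b"not the sample"))
    for ts, host, port in c2_hits(SAMPLE_CONN_LOG):
        print(f"{ts}: {host}:{port} -> {C2_HOST}:{C2_PORT} (RisePro C2 per report)")
```

The port is part of the match on purpose: RisePro configs carry a specific port, and 147.45.47.93 may host unrelated services. If you would rather hunt on the host alone, relax the `fields[5]` comparison, but expect more triage work on the hits.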
Signatures
Processes
- C:\Users\Admin\AppData\Local\Temp\38a7034aca87630f83ef74d24bc1b888db58a3beeba37c15f170b7f7954a36de.exe (PID 5116)
  Command line: "C:\Users\Admin\AppData\Local\Temp\38a7034aca87630f83ef74d24bc1b888db58a3beeba37c15f170b7f7954a36de.exe"
  - C:\Windows\SysWOW64\WerFault.exe (PID 980), child of PID 5116
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 596
    Signature: Program crash
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1620)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4136,i,10943981808815347339,15838841970612097850,262144 --variations-seed-version --mojo-platform-channel-handle=3404 /prefetch:8
- C:\Windows\SysWOW64\WerFault.exe (PID 4532)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 5116 -ip 5116