Analysis
  max time kernel: 149s
  max time network: 161s
  platform: windows11-21h2_x64
  resource: win11-20240412-en
  resource tags: arch:x64, arch:x86, image:win11-20240412-en, locale:en-us, os:windows11-21h2-x64, system
  submitted: 15/04/2024, 15:26

Static task: static1 (1 signature)

Behavioral task: behavioral1
  Sample: 38a7034aca87630f83ef74d24bc1b888db58a3beeba37c15f170b7f7954a36de.exe
  Resource: win10v2004-20240412-en
  2 signatures, 150 seconds
General
  Target: 38a7034aca87630f83ef74d24bc1b888db58a3beeba37c15f170b7f7954a36de.exe
  Size: 907KB
  MD5: b564ce416465d19db353b9f26f19404a
  SHA1: 3af588cb66b7df1ea1c4a762c39c451ac6cc12e7
  SHA256: 38a7034aca87630f83ef74d24bc1b888db58a3beeba37c15f170b7f7954a36de
  SHA512: bb500ef03b9937d3230ba737e77998bfaa81053df51eef7f6e2e639cf076c497836a4338ee1a04053e5e45b74630ba73d3f79db2c53c2c3c4d3f7502723eacda
  SSDEEP: 24576:STemar0O7EVO1GVB6r/fH0Zafo03vk4XwqE6TO:8SomGunH3g0384C6q
Malware Config (extracted)
  Family: risepro
  C2: 147.45.47.93:58709
Signatures

Processes
  - C:\Users\Admin\AppData\Local\Temp\38a7034aca87630f83ef74d24bc1b888db58a3beeba37c15f170b7f7954a36de.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\38a7034aca87630f83ef74d24bc1b888db58a3beeba37c15f170b7f7954a36de.exe"
    PID: 4856
      - C:\Windows\SysWOW64\WerFault.exe
        Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 616
        Signature: Program crash
        PID: 2800
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4856 -ip 4856
    PID: 3224