Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    154s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240412-en
  • resource tags

    arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    21/04/2024, 00:29 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ef43b61027e5a4e340135de3a22797c333ed7d7f3d903b78975ead569fea1879.exe

  • Size

    2.2MB

  • MD5

    7bb8cb30220fb9f995b100eb32965799

  • SHA1

    dd8b37f680ea762ae7e5d775c88feed065991112

  • SHA256

    ef43b61027e5a4e340135de3a22797c333ed7d7f3d903b78975ead569fea1879

  • SHA512

    cf423d29acdbee8e92b27f5d95c42053f5ed6528a5a3c8cc7bf3961e8d97571129c14b27587774bd910ae1aa34fdbad815a705bfaeea8b57124f2bbd7c5edc90

  • SSDEEP

    49152:CeF1xn14/7p1+XV2ibKLJi3vIVOxlXIknS+GbU:v1xn1wp1+XV2oKIfpu+GbU

Score
10/10
riseproevasionstealer

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Signatures

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ef43b61027e5a4e340135de3a22797c333ed7d7f3d903b78975ead569fea1879.exe
    "C:\Users\Admin\AppData\Local\Temp\ef43b61027e5a4e340135de3a22797c333ed7d7f3d903b78975ead569fea1879.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:2692

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2692-0-0x00000000009D0000-0x0000000000F49000-memory.dmp

    Filesize

    5.5MB

    Download

  • memory/2692-1-0x0000000076EF6000-0x0000000076EF8000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2692-3-0x0000000005290000-0x0000000005291000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2692-2-0x00000000052C0000-0x00000000052C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2692-4-0x0000000005300000-0x0000000005301000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2692-6-0x0000000005270000-0x0000000005271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2692-5-0x0000000005280000-0x0000000005281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2692-8-0x00000000052F0000-0x00000000052F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2692-7-0x00000000052D0000-0x00000000052D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2692-10-0x00000000052B0000-0x00000000052B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2692-9-0x0000000005320000-0x0000000005321000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2692-11-0x0000000005310000-0x0000000005311000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2692-12-0x0000000005260000-0x0000000005261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2692-13-0x0000000005350000-0x0000000005352000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2692-14-0x00000000009D0000-0x0000000000F49000-memory.dmp

    Filesize

    5.5MB

    Download

  • memory/2692-15-0x00000000009D0000-0x0000000000F49000-memory.dmp

    Filesize

    5.5MB

    Download

  • memory/2692-16-0x00000000009D0000-0x0000000000F49000-memory.dmp

    Filesize

    5.5MB

    Download

  • memory/2692-17-0x00000000009D0000-0x0000000000F49000-memory.dmp

    Filesize

    5.5MB

    Download

  • memory/2692-18-0x00000000009D0000-0x0000000000F49000-memory.dmp

    Filesize

    5.5MB

    Download

  • memory/2692-19-0x00000000009D0000-0x0000000000F49000-memory.dmp

    Filesize

    5.5MB

    Download

  • memory/2692-20-0x00000000009D0000-0x0000000000F49000-memory.dmp

    Filesize

    5.5MB

    Download

  • memory/2692-21-0x00000000009D0000-0x0000000000F49000-memory.dmp

    Filesize

    5.5MB

    Download

  • memory/2692-22-0x00000000009D0000-0x0000000000F49000-memory.dmp

    Filesize

    5.5MB

    Download

  • memory/2692-23-0x00000000009D0000-0x0000000000F49000-memory.dmp

    Filesize

    5.5MB

    Download

  • memory/2692-24-0x00000000009D0000-0x0000000000F49000-memory.dmp

    Filesize

    5.5MB

    Download

  • memory/2692-25-0x00000000009D0000-0x0000000000F49000-memory.dmp

    Filesize

    5.5MB

    Download

  • memory/2692-26-0x00000000009D0000-0x0000000000F49000-memory.dmp

    Filesize

    5.5MB

    Download

  • memory/2692-27-0x00000000009D0000-0x0000000000F49000-memory.dmp

    Filesize

    5.5MB

    Download

  • memory/2692-28-0x00000000009D0000-0x0000000000F49000-memory.dmp

    Filesize

    5.5MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.