Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    95s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240412-en
  • resource tags

    arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    25-04-2024 08:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d0b26d920204146c943fb05df421124416301b085f6e029e205bf468cead37f0.exe

  • Size

    2.3MB

  • MD5

    fc80488b06fca858884237733932cfcd

  • SHA1

    c44ad80e1b7f9d32b6bfa8c1dff9682b7039867d

  • SHA256

    d0b26d920204146c943fb05df421124416301b085f6e029e205bf468cead37f0

  • SHA512

    851dd20a318b108bf363d6731afa629fcd1cb6ee8cc096fa1a98ba881e7924fbe4cac44ea36674c0835b8a0c9f539150dccc7f1922e7201941e5ad36c19b04ed

  • SSDEEP

    49152:ig69SebPPiKgYyFinkLVYtFzUWVovSiZx9s9ef5J1Y21CW601AnpGjx:ig69Sebinink5yzfVov1r9sMf9R60K

Score
10/10
riseproevasionstealer

Malware Config

Signatures

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d0b26d920204146c943fb05df421124416301b085f6e029e205bf468cead37f0.exe
    "C:\Users\Admin\AppData\Local\Temp\d0b26d920204146c943fb05df421124416301b085f6e029e205bf468cead37f0.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:2552

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2552-0-0x00000000009A0000-0x0000000000F78000-memory.dmp
    Filesize

    5.8MB

    Download
  • memory/2552-1-0x0000000077916000-0x0000000077918000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2552-3-0x0000000005560000-0x0000000005561000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2552-2-0x0000000005590000-0x0000000005591000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2552-5-0x0000000005550000-0x0000000005551000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2552-4-0x00000000055C0000-0x00000000055C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2552-6-0x0000000005540000-0x0000000005541000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2552-8-0x00000000055F0000-0x00000000055F1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2552-7-0x00000000055A0000-0x00000000055A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2552-10-0x0000000005580000-0x0000000005581000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2552-9-0x00000000055D0000-0x00000000055D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2552-11-0x00000000055E0000-0x00000000055E1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2552-12-0x0000000005530000-0x0000000005531000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2552-13-0x0000000005620000-0x0000000005622000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2552-14-0x00000000009A0000-0x0000000000F78000-memory.dmp
    Filesize

    5.8MB

    Download
  • memory/2552-15-0x00000000009A0000-0x0000000000F78000-memory.dmp
    Filesize

    5.8MB

    Download
  • memory/2552-16-0x00000000009A0000-0x0000000000F78000-memory.dmp
    Filesize

    5.8MB

    Download
  • memory/2552-17-0x00000000009A0000-0x0000000000F78000-memory.dmp
    Filesize

    5.8MB

    Download
  • memory/2552-18-0x00000000009A0000-0x0000000000F78000-memory.dmp
    Filesize

    5.8MB

    Download
  • memory/2552-19-0x00000000009A0000-0x0000000000F78000-memory.dmp
    Filesize

    5.8MB

    Download
  • memory/2552-20-0x00000000009A0000-0x0000000000F78000-memory.dmp
    Filesize

    5.8MB

    Download
  • memory/2552-21-0x00000000009A0000-0x0000000000F78000-memory.dmp
    Filesize

    5.8MB

    Download
  • memory/2552-22-0x00000000009A0000-0x0000000000F78000-memory.dmp
    Filesize

    5.8MB

    Download
  • memory/2552-23-0x00000000009A0000-0x0000000000F78000-memory.dmp
    Filesize

    5.8MB

    Download
  • memory/2552-24-0x00000000009A0000-0x0000000000F78000-memory.dmp
    Filesize

    5.8MB

    Download
  • memory/2552-25-0x00000000009A0000-0x0000000000F78000-memory.dmp
    Filesize

    5.8MB

    Download
  • memory/2552-26-0x00000000009A0000-0x0000000000F78000-memory.dmp
    Filesize

    5.8MB

    Download
  • memory/2552-27-0x00000000009A0000-0x0000000000F78000-memory.dmp
    Filesize

    5.8MB

    Download
  • memory/2552-28-0x00000000009A0000-0x0000000000F78000-memory.dmp
    Filesize

    5.8MB

    Download