Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    93s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags

    arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    28-04-2024 02:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    37cb404d7ab5f26ee23a2003834d3c265a962a3c8368929ac8defe8f9bf93c94.exe

  • Size

    2.3MB

  • MD5

    58297b31cefbe6652bb001b8889110e0

  • SHA1

    84034b14410384032d159126c1c0e8c2212f6cf3

  • SHA256

    37cb404d7ab5f26ee23a2003834d3c265a962a3c8368929ac8defe8f9bf93c94

  • SHA512

    59ea98be0c66aba04d4e92901eb546e2814f31c9187d4845dda6a64495e06a92b5c4bb74a99fd71304e1915a6d8137b4baffcb4b8a19c208dd210e4a942c9e65

  • SSDEEP

    49152:0g69SebPPiKgYyq3fLYYkOX4keD80qW/hTRhsGEgIXGyd4o:0g69Sebi83fLYYkt/80t/FohGy

Score
10/10
riseproevasionstealer

Malware Config

Signatures

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\37cb404d7ab5f26ee23a2003834d3c265a962a3c8368929ac8defe8f9bf93c94.exe
    "C:\Users\Admin\AppData\Local\Temp\37cb404d7ab5f26ee23a2003834d3c265a962a3c8368929ac8defe8f9bf93c94.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:1044

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1044-0-0x0000000000D20000-0x0000000001300000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1044-1-0x00000000779E6000-0x00000000779E8000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1044-2-0x00000000057A0000-0x00000000057A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1044-12-0x0000000005740000-0x0000000005741000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1044-11-0x00000000057F0000-0x00000000057F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1044-10-0x0000000005790000-0x0000000005791000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1044-9-0x0000000005800000-0x0000000005801000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1044-8-0x00000000057E0000-0x00000000057E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1044-7-0x00000000057B0000-0x00000000057B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1044-6-0x0000000005750000-0x0000000005751000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1044-5-0x0000000005760000-0x0000000005761000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1044-4-0x00000000057D0000-0x00000000057D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1044-3-0x0000000005770000-0x0000000005771000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1044-13-0x0000000005820000-0x0000000005822000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1044-14-0x0000000000D20000-0x0000000001300000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1044-15-0x0000000000D20000-0x0000000001300000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1044-16-0x0000000000D20000-0x0000000001300000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1044-17-0x0000000000D20000-0x0000000001300000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1044-18-0x0000000000D20000-0x0000000001300000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1044-19-0x0000000000D20000-0x0000000001300000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1044-20-0x0000000000D20000-0x0000000001300000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1044-21-0x0000000000D20000-0x0000000001300000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1044-22-0x0000000000D20000-0x0000000001300000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1044-23-0x0000000000D20000-0x0000000001300000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1044-24-0x0000000000D20000-0x0000000001300000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1044-25-0x0000000000D20000-0x0000000001300000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1044-26-0x0000000000D20000-0x0000000001300000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1044-27-0x0000000000D20000-0x0000000001300000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1044-28-0x0000000000D20000-0x0000000001300000-memory.dmp

    Filesize

    5.9MB

    Download