Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

winprofile

windows7-x64

9

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    291s
  • max time network
    300s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    29/04/2024, 05:21 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d582ddf57299d550cc4069f04c4224f428574c7efa8e2fa251161139bf152112.exe

  • Size

    2.3MB

  • MD5

    d665954b26db6244562a36016959d94a

  • SHA1

    73aaa0b6ec6e2fc0e29eaf2173b40ba564df8e4c

  • SHA256

    d582ddf57299d550cc4069f04c4224f428574c7efa8e2fa251161139bf152112

  • SHA512

    2a9e0f25a67239023c131199efef84c3b041eef478eccfef9a5059e431189fc1ccf30d35f553b7ede69ca16f93436236fa4fef061e97d27da3ebbbc030ee1bd7

  • SSDEEP

    49152:wg69SebPPiKgYyg5IqA4L7adWmIelAeSy65OfhkayZbQAO4YBAcMGoqAKZ:wg69SebiO+L4/WbI2J6cfJYbQhqAj

Score
10/10
riseproevasionstealer

Malware Config

Signatures

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d582ddf57299d550cc4069f04c4224f428574c7efa8e2fa251161139bf152112.exe
    "C:\Users\Admin\AppData\Local\Temp\d582ddf57299d550cc4069f04c4224f428574c7efa8e2fa251161139bf152112.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:380

Network

  • flag-us
    DNS
    14.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    25.140.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    25.140.123.92.in-addr.arpa
    IN PTR
    Response
    25.140.123.92.in-addr.arpa
    IN PTR
    a92-123-140-25deploystaticakamaitechnologiescom
  • flag-us
    DNS
    89.16.208.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    89.16.208.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    159.113.53.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    159.113.53.23.in-addr.arpa
    IN PTR
    Response
    159.113.53.23.in-addr.arpa
    IN PTR
    a23-53-113-159deploystaticakamaitechnologiescom
  • 52.142.223.178:80
    46 B
     1
  • 8.8.8.8:53
    14.227.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    14.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    89.16.208.104.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    89.16.208.104.in-addr.arpa

  • 8.8.8.8:53
    25.140.123.92.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    25.140.123.92.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    159.113.53.23.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    159.113.53.23.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/380-0-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-1-0x00000000774F4000-0x00000000774F5000-memory.dmp

    Filesize

    4KB

    Download

  • memory/380-13-0x00000000052D0000-0x00000000052D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/380-12-0x0000000005350000-0x0000000005351000-memory.dmp

    Filesize

    4KB

    Download

  • memory/380-11-0x0000000005310000-0x0000000005311000-memory.dmp

    Filesize

    4KB

    Download

  • memory/380-10-0x0000000005370000-0x0000000005371000-memory.dmp

    Filesize

    4KB

    Download

  • memory/380-9-0x0000000005380000-0x0000000005381000-memory.dmp

    Filesize

    4KB

    Download

  • memory/380-8-0x0000000005330000-0x0000000005331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/380-7-0x0000000005340000-0x0000000005341000-memory.dmp

    Filesize

    4KB

    Download

  • memory/380-6-0x00000000052E0000-0x00000000052E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/380-5-0x0000000005360000-0x0000000005361000-memory.dmp

    Filesize

    4KB

    Download

  • memory/380-4-0x00000000052F0000-0x00000000052F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/380-3-0x0000000005300000-0x0000000005301000-memory.dmp

    Filesize

    4KB

    Download

  • memory/380-2-0x0000000005320000-0x0000000005321000-memory.dmp

    Filesize

    4KB

    Download

  • memory/380-14-0x00000000053B0000-0x00000000053B2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/380-15-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-16-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-17-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-18-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-19-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-20-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-21-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-22-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-23-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-24-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-25-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-26-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-27-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-28-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-29-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-30-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-31-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-32-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-33-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-34-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-35-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-36-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-37-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-38-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-39-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-40-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-41-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-42-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-43-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-44-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.