Overview

overview

10

Static

static

3

winprofile

windows7-x64

9

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    291s
  • max time network
    300s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    29-04-2024 05:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d582ddf57299d550cc4069f04c4224f428574c7efa8e2fa251161139bf152112.exe

  • Size

    2.3MB

  • MD5

    d665954b26db6244562a36016959d94a

  • SHA1

    73aaa0b6ec6e2fc0e29eaf2173b40ba564df8e4c

  • SHA256

    d582ddf57299d550cc4069f04c4224f428574c7efa8e2fa251161139bf152112

  • SHA512

    2a9e0f25a67239023c131199efef84c3b041eef478eccfef9a5059e431189fc1ccf30d35f553b7ede69ca16f93436236fa4fef061e97d27da3ebbbc030ee1bd7

  • SSDEEP

    49152:wg69SebPPiKgYyg5IqA4L7adWmIelAeSy65OfhkayZbQAO4YBAcMGoqAKZ:wg69SebiO+L4/WbI2J6cfJYbQhqAj

Score
10/10
riseproevasionstealer

Malware Config

Signatures

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d582ddf57299d550cc4069f04c4224f428574c7efa8e2fa251161139bf152112.exe
    "C:\Users\Admin\AppData\Local\Temp\d582ddf57299d550cc4069f04c4224f428574c7efa8e2fa251161139bf152112.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:380

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/380-0-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-1-0x00000000774F4000-0x00000000774F5000-memory.dmp

    Filesize

    4KB

    Download

  • memory/380-13-0x00000000052D0000-0x00000000052D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/380-12-0x0000000005350000-0x0000000005351000-memory.dmp

    Filesize

    4KB

    Download

  • memory/380-11-0x0000000005310000-0x0000000005311000-memory.dmp

    Filesize

    4KB

    Download

  • memory/380-10-0x0000000005370000-0x0000000005371000-memory.dmp

    Filesize

    4KB

    Download

  • memory/380-9-0x0000000005380000-0x0000000005381000-memory.dmp

    Filesize

    4KB

    Download

  • memory/380-8-0x0000000005330000-0x0000000005331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/380-7-0x0000000005340000-0x0000000005341000-memory.dmp

    Filesize

    4KB

    Download

  • memory/380-6-0x00000000052E0000-0x00000000052E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/380-5-0x0000000005360000-0x0000000005361000-memory.dmp

    Filesize

    4KB

    Download

  • memory/380-4-0x00000000052F0000-0x00000000052F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/380-3-0x0000000005300000-0x0000000005301000-memory.dmp

    Filesize

    4KB

    Download

  • memory/380-2-0x0000000005320000-0x0000000005321000-memory.dmp

    Filesize

    4KB

    Download

  • memory/380-14-0x00000000053B0000-0x00000000053B2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/380-15-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-16-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-17-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-18-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-19-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-20-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-21-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-22-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-23-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-24-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-25-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-26-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-27-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-28-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-29-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-30-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-31-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-32-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-33-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-34-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-35-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-36-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-37-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-38-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-39-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-40-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-41-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-42-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-43-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/380-44-0x0000000000C20000-0x0000000001206000-memory.dmp

    Filesize

    5.9MB

    Download