privateloader | e9d629796bf84169c7e2325762a46aca873025e1078543bd700397f2c9b3ef6d

Analysis

max time kernel
296s
max time network
300s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
02/05/2024, 06:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e9d629796bf84169c7e2325762a46aca873025e1078543bd700397f2c9b3ef6d.exe
Size

5.5MB
MD5

56c147c6c6f51cb02984a1f48b7cecea
SHA1

9489e556c2b3d52d7a749be789cd73fb55c476a7
SHA256

e9d629796bf84169c7e2325762a46aca873025e1078543bd700397f2c9b3ef6d
SHA512

8de919c290b2a27ac922c0956e581fd2a4b036f42c2353e4e4c1a231efeb40935e0c48db18ae7d04b7ffb86b9486e45a3dc897054000fea310dd12fb2c45aa7f
SSDEEP

98304:AErV/1KzgHzh/QtEQFvVWpaub/1HwZm6O9VOosVtjL1AvASTbhsI:fV/oEHN/QtEgvuzx/J9MosVl1DS

Score

10^/10

privateloader risepro loader stealer vmprotect

Malware Config

Extracted

Family

risepro

194.169.175.123

Signatures

PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
loader privateloader
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
stealer risepro

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/2136-35-0x0000000001250000-0x0000000001C22000-memory.dmp	vmprotect
behavioral1/memory/2136-36-0x0000000001250000-0x0000000001C22000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2136	e9d629796bf84169c7e2325762a46aca873025e1078543bd700397f2c9b3ef6d.exe

C:\Users\Admin\AppData\Local\Temp\e9d629796bf84169c7e2325762a46aca873025e1078543bd700397f2c9b3ef6d.exe
"C:\Users\Admin\AppData\Local\Temp\e9d629796bf84169c7e2325762a46aca873025e1078543bd700397f2c9b3ef6d.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2136-2-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/2136-0-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/2136-4-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/2136-5-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download
memory/2136-7-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download
memory/2136-9-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download
memory/2136-19-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/2136-32-0x0000000001389000-0x00000000016A3000-memory.dmp

Filesize
3.1MB

Download
memory/2136-35-0x0000000001250000-0x0000000001C22000-memory.dmp

Filesize
9.8MB

Download
memory/2136-29-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2136-27-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2136-24-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/2136-22-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/2136-17-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/2136-14-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/2136-12-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/2136-36-0x0000000001250000-0x0000000001C22000-memory.dmp

Filesize
9.8MB

Download