Overview

overview

10

Static

static

7

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    296s
  • max time network
    297s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    02/05/2024, 06:01

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    8f9cfe0ba46921b15f850c0c8796ae17abfe5883026c2efb34e7e3cdedc61264.exe

  • Size

    3.0MB

  • MD5

    6613a27c78faa0eb9ad09b72455fa28e

  • SHA1

    95ebfa417387a8831e0961927e8363aab493c380

  • SHA256

    8f9cfe0ba46921b15f850c0c8796ae17abfe5883026c2efb34e7e3cdedc61264

  • SHA512

    1263ab5f8628d10b3ccceed7011c22a7aacff99ba4fbd2af0bce153c4b5f78e964cc76961fc05d59ffa01a5d977dbede639e40b18351120f7651da024d0bbced

  • SSDEEP

    98304:LV9iHdnyVZm1u8IlK9Kd0pAAS7A+06WWWThivC:5sHdnruPlK9y0RN+sThkC

Score
10/10
privateloaderriseproloaderstealervmprotect

Malware Config

Extracted

Family

risepro

C2

194.169.175.128

Signatures

  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    loaderprivateloader
  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro
  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect

Processes

  • C:\Users\Admin\AppData\Local\Temp\8f9cfe0ba46921b15f850c0c8796ae17abfe5883026c2efb34e7e3cdedc61264.exe
    "C:\Users\Admin\AppData\Local\Temp\8f9cfe0ba46921b15f850c0c8796ae17abfe5883026c2efb34e7e3cdedc61264.exe"
    1⤵
      PID:2592

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/2592-0-0x0000000000860000-0x0000000000DEB000-memory.dmp

            Filesize

            5.5MB

            Download