Analysis

  • max time kernel
    296s
  • max time network
    303s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags
    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    02-05-2024 06:01

General

  • Target

    8f9cfe0ba46921b15f850c0c8796ae17abfe5883026c2efb34e7e3cdedc61264.exe

  • Size

    3.0MB

  • MD5

    6613a27c78faa0eb9ad09b72455fa28e

  • SHA1

    95ebfa417387a8831e0961927e8363aab493c380

  • SHA256

    8f9cfe0ba46921b15f850c0c8796ae17abfe5883026c2efb34e7e3cdedc61264

  • SHA512

    1263ab5f8628d10b3ccceed7011c22a7aacff99ba4fbd2af0bce153c4b5f78e964cc76961fc05d59ffa01a5d977dbede639e40b18351120f7651da024d0bbced

  • SSDEEP

    98304:LV9iHdnyVZm1u8IlK9Kd0pAAS7A+06WWWThivC:5sHdnruPlK9y0RN+sThkC

Malware Config

Extracted

Family

risepro

C2

194.169.175.128

Signatures

  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

Processes

  • C:\Users\Admin\AppData\Local\Temp\8f9cfe0ba46921b15f850c0c8796ae17abfe5883026c2efb34e7e3cdedc61264.exe
    "C:\Users\Admin\AppData\Local\Temp\8f9cfe0ba46921b15f850c0c8796ae17abfe5883026c2efb34e7e3cdedc61264.exe"
    PID:1268

Downloads

  • memory/1268-1-0x00000000013A0000-0x000000000192B000-memory.dmp

    Filesize

    5.5MB