risepro | c99ffc20899fccc6c8bd1d083dca14179a49fcac0e68995994f957dd5ea062c4

Analysis

max time kernel
148s
max time network
94s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
10/05/2024, 14:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c99ffc20899fccc6c8bd1d083dca14179a49fcac0e68995994f957dd5ea062c4.exe
Size

3.1MB
MD5

21ec1ddf068ab00c2a297af01d29c90b
SHA1

02c5e3f5d500e6c3d48b201bf44b07f4dc5d6e2e
SHA256

c99ffc20899fccc6c8bd1d083dca14179a49fcac0e68995994f957dd5ea062c4
SHA512

14576628af5ea15c6ba02bb0ec963666b89013f446d0ac1c0920114c0afb56f16da5a7560dd851ab128fc20cd49192855e16778bd890431d7c3f0a5a1e2a569b
SSDEEP

98304:EIb706HGC+ttERmZwSUVimc9bwbNsu4c:EIbYNC+tugwFipK5su

Score

10^/10

risepro stealer

Malware Config

Extracted

Family

risepro

147.45.47.126:58709

Signatures

RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
stealer risepro

Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs

pid	Process
5000	c99ffc20899fccc6c8bd1d083dca14179a49fcac0e68995994f957dd5ea062c4.exe
5000	c99ffc20899fccc6c8bd1d083dca14179a49fcac0e68995994f957dd5ea062c4.exe
5000	c99ffc20899fccc6c8bd1d083dca14179a49fcac0e68995994f957dd5ea062c4.exe
5000	c99ffc20899fccc6c8bd1d083dca14179a49fcac0e68995994f957dd5ea062c4.exe
5000	c99ffc20899fccc6c8bd1d083dca14179a49fcac0e68995994f957dd5ea062c4.exe
5000	c99ffc20899fccc6c8bd1d083dca14179a49fcac0e68995994f957dd5ea062c4.exe
5000	c99ffc20899fccc6c8bd1d083dca14179a49fcac0e68995994f957dd5ea062c4.exe
5000	c99ffc20899fccc6c8bd1d083dca14179a49fcac0e68995994f957dd5ea062c4.exe
5000	c99ffc20899fccc6c8bd1d083dca14179a49fcac0e68995994f957dd5ea062c4.exe
5000	c99ffc20899fccc6c8bd1d083dca14179a49fcac0e68995994f957dd5ea062c4.exe
5000	c99ffc20899fccc6c8bd1d083dca14179a49fcac0e68995994f957dd5ea062c4.exe
5000	c99ffc20899fccc6c8bd1d083dca14179a49fcac0e68995994f957dd5ea062c4.exe
5000	c99ffc20899fccc6c8bd1d083dca14179a49fcac0e68995994f957dd5ea062c4.exe
5000	c99ffc20899fccc6c8bd1d083dca14179a49fcac0e68995994f957dd5ea062c4.exe
5000	c99ffc20899fccc6c8bd1d083dca14179a49fcac0e68995994f957dd5ea062c4.exe
5000	c99ffc20899fccc6c8bd1d083dca14179a49fcac0e68995994f957dd5ea062c4.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5000	c99ffc20899fccc6c8bd1d083dca14179a49fcac0e68995994f957dd5ea062c4.exe

C:\Users\Admin\AppData\Local\Temp\c99ffc20899fccc6c8bd1d083dca14179a49fcac0e68995994f957dd5ea062c4.exe
"C:\Users\Admin\AppData\Local\Temp\c99ffc20899fccc6c8bd1d083dca14179a49fcac0e68995994f957dd5ea062c4.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:5000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5000-0-0x0000000000AA0000-0x00000000015FE000-memory.dmp

Filesize
11.4MB

Download
memory/5000-1-0x000000007F3C0000-0x000000007F791000-memory.dmp

Filesize
3.8MB

Download
memory/5000-2-0x0000000077E14000-0x0000000077E15000-memory.dmp

Filesize
4KB

Download
memory/5000-3-0x0000000000AA0000-0x00000000015FE000-memory.dmp

Filesize
11.4MB

Download
memory/5000-4-0x0000000000AA0000-0x00000000015FE000-memory.dmp

Filesize
11.4MB

Download
memory/5000-6-0x000000007F3C0000-0x000000007F791000-memory.dmp

Filesize
3.8MB

Download
memory/5000-5-0x0000000000AA0000-0x00000000015FE000-memory.dmp

Filesize
11.4MB

Download
memory/5000-7-0x0000000000AA0000-0x00000000015FE000-memory.dmp

Filesize
11.4MB

Download
memory/5000-8-0x0000000000AA0000-0x00000000015FE000-memory.dmp

Filesize
11.4MB

Download
memory/5000-9-0x0000000000AA0000-0x00000000015FE000-memory.dmp

Filesize
11.4MB

Download
memory/5000-10-0x0000000000AA0000-0x00000000015FE000-memory.dmp

Filesize
11.4MB

Download
memory/5000-11-0x0000000000AA0000-0x00000000015FE000-memory.dmp

Filesize
11.4MB

Download
memory/5000-12-0x0000000000AA0000-0x00000000015FE000-memory.dmp

Filesize
11.4MB

Download
memory/5000-13-0x0000000000AA0000-0x00000000015FE000-memory.dmp

Filesize
11.4MB

Download
memory/5000-14-0x0000000000AA0000-0x00000000015FE000-memory.dmp

Filesize
11.4MB

Download
memory/5000-15-0x0000000000AA0000-0x00000000015FE000-memory.dmp

Filesize
11.4MB

Download
memory/5000-16-0x0000000000AA0000-0x00000000015FE000-memory.dmp

Filesize
11.4MB

Download
memory/5000-17-0x0000000000AA0000-0x00000000015FE000-memory.dmp

Filesize
11.4MB

Download
memory/5000-18-0x0000000000AA0000-0x00000000015FE000-memory.dmp

Filesize
11.4MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads