risepro | 22b46a99bfb9233d2e72d392e4b1d36c9c61ae30fe56334ff1b2b0ccb0dca607

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12-05-2024 04:17

Target

22b46a99bfb9233d2e72d392e4b1d36c9c61ae30fe56334ff1b2b0ccb0dca607.exe
Size

3.5MB
MD5

58aad4006989a7eb9db2529437a823b8
SHA1

add7a59bd5108fdeb02cb6ec89bfae3e6f2823a4
SHA256

22b46a99bfb9233d2e72d392e4b1d36c9c61ae30fe56334ff1b2b0ccb0dca607
SHA512

f6cf24d76ac713a690a5d0901509dbfcd6a86672bd9390734f8d82ec69f42a4e796e2eb6ca77ce10a081349dfcf59655b8baf4f445c318183c1dd4509465263e
SSDEEP

49152:fhlqRJ/icXbBUME7zCp6dzybrUoOdYpR3o7YHPPrvLODvmwvHdZSvws:fPNPPCWqIda3XPrvLODf2

Score

10^/10

risepro stealer

Family

risepro

54.180.28.87:50500

RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
stealer risepro

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3964 set thread context of 2504	3964	22b46a99bfb9233d2e72d392e4b1d36c9c61ae30fe56334ff1b2b0ccb0dca607.exe	94

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3964 wrote to memory of 2504	3964	22b46a99bfb9233d2e72d392e4b1d36c9c61ae30fe56334ff1b2b0ccb0dca607.exe	94
PID 3964 wrote to memory of 2504	3964	22b46a99bfb9233d2e72d392e4b1d36c9c61ae30fe56334ff1b2b0ccb0dca607.exe	94
PID 3964 wrote to memory of 2504	3964	22b46a99bfb9233d2e72d392e4b1d36c9c61ae30fe56334ff1b2b0ccb0dca607.exe	94
PID 3964 wrote to memory of 2504	3964	22b46a99bfb9233d2e72d392e4b1d36c9c61ae30fe56334ff1b2b0ccb0dca607.exe	94
PID 3964 wrote to memory of 2504	3964	22b46a99bfb9233d2e72d392e4b1d36c9c61ae30fe56334ff1b2b0ccb0dca607.exe	94
PID 3964 wrote to memory of 2504	3964	22b46a99bfb9233d2e72d392e4b1d36c9c61ae30fe56334ff1b2b0ccb0dca607.exe	94
PID 3964 wrote to memory of 2504	3964	22b46a99bfb9233d2e72d392e4b1d36c9c61ae30fe56334ff1b2b0ccb0dca607.exe	94
PID 3964 wrote to memory of 2504	3964	22b46a99bfb9233d2e72d392e4b1d36c9c61ae30fe56334ff1b2b0ccb0dca607.exe	94
PID 3964 wrote to memory of 2504	3964	22b46a99bfb9233d2e72d392e4b1d36c9c61ae30fe56334ff1b2b0ccb0dca607.exe	94
PID 3964 wrote to memory of 2504	3964	22b46a99bfb9233d2e72d392e4b1d36c9c61ae30fe56334ff1b2b0ccb0dca607.exe	94
PID 3964 wrote to memory of 2504	3964	22b46a99bfb9233d2e72d392e4b1d36c9c61ae30fe56334ff1b2b0ccb0dca607.exe	94
PID 3964 wrote to memory of 2504	3964	22b46a99bfb9233d2e72d392e4b1d36c9c61ae30fe56334ff1b2b0ccb0dca607.exe	94

C:\Users\Admin\AppData\Local\Temp\22b46a99bfb9233d2e72d392e4b1d36c9c61ae30fe56334ff1b2b0ccb0dca607.exe
"C:\Users\Admin\AppData\Local\Temp\22b46a99bfb9233d2e72d392e4b1d36c9c61ae30fe56334ff1b2b0ccb0dca607.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3964
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:2504

memory/2504-2-0x0000000000400000-0x000000000087A000-memory.dmp

Filesize
4.5MB

Download
memory/2504-5-0x0000000000400000-0x000000000087A000-memory.dmp

Filesize
4.5MB

Download
memory/2504-8-0x0000000000400000-0x000000000087A000-memory.dmp

Filesize
4.5MB

Download
memory/2504-9-0x0000000000400000-0x000000000087A000-memory.dmp

Filesize
4.5MB

Download
memory/2504-12-0x0000000000400000-0x000000000087A000-memory.dmp

Filesize
4.5MB

Download
memory/3964-0-0x0000000000610000-0x0000000000611000-memory.dmp

Filesize
4KB

Download
memory/3964-1-0x0000000000610000-0x0000000000611000-memory.dmp

Filesize
4KB

Download
memory/3964-3-0x0000000000610000-0x0000000000611000-memory.dmp

Filesize
4KB

Download