Overview

overview

10

Static

static

10

94db25630e...61.exe

windows7-x64

10

94db25630e...61.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    162s
  • max time network
    176s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 01:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    94db25630e224de4d562f408ca6ed1259eae3645931174fcd57c07ad6933aa61.exe

  • Size

    5.1MB

  • MD5

    029b4a16951a6fb1f6a1fda9b39769b7

  • SHA1

    a64e56dc24e713637af0ef71b279f39843e0f0eb

  • SHA256

    94db25630e224de4d562f408ca6ed1259eae3645931174fcd57c07ad6933aa61

  • SHA512

    3a117b879f96c42387cc088a2f05f441222f0dfbfb4f405f1e09bc03f92cdfb27ffa986a1f9ad4ad1e6e8d2387d3c367a54dcf51a7c2e1f32f48fb15b8406bfc

  • SSDEEP

    98304:tfblDCLzsVGzo6WvZ4vALxjloC4/ozr0J:tblO8V+o6dv4iFAnc

Score
10/10
privateloaderriseproevasionloaderstealerthemidatrojan

Malware Config

Signatures

  • Modifies firewall policy service 2 TTPs 1 IoCs
    evasion
  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    loaderprivateloader
  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro
  • Detects executables packed with Themida 12 IoCs
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer 12 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Looks up external IP address via web service 4 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory 4 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\94db25630e224de4d562f408ca6ed1259eae3645931174fcd57c07ad6933aa61.exe
    "C:\Users\Admin\AppData\Local\Temp\94db25630e224de4d562f408ca6ed1259eae3645931174fcd57c07ad6933aa61.exe"
    1⤵
    • Modifies firewall policy service
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Drops file in System32 directory
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:640
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
    1⤵
      PID:1664
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
      1⤵
        PID:1648
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3752 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
        1⤵
          PID:1736

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/640-0-0x0000000000A10000-0x00000000010D7000-memory.dmp

          Filesize

          6.8MB

          Download

        • memory/640-1-0x00000000769C0000-0x00000000769C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/640-2-0x00000000769A0000-0x0000000076A90000-memory.dmp

          Filesize

          960KB

          Download

        • memory/640-4-0x00000000769A0000-0x0000000076A90000-memory.dmp

          Filesize

          960KB

          Download

        • memory/640-3-0x00000000769A0000-0x0000000076A90000-memory.dmp

          Filesize

          960KB

          Download

        • memory/640-5-0x00000000769A0000-0x0000000076A90000-memory.dmp

          Filesize

          960KB

          Download

        • memory/640-6-0x00000000769A0000-0x0000000076A90000-memory.dmp

          Filesize

          960KB

          Download

        • memory/640-7-0x00000000769A0000-0x0000000076A90000-memory.dmp

          Filesize

          960KB

          Download

        • memory/640-8-0x00000000769A0000-0x0000000076A90000-memory.dmp

          Filesize

          960KB

          Download

        • memory/640-9-0x0000000000A10000-0x00000000010D7000-memory.dmp

          Filesize

          6.8MB

          Download

        • memory/640-10-0x0000000000A10000-0x00000000010D7000-memory.dmp

          Filesize

          6.8MB

          Download

        • memory/640-11-0x0000000000A10000-0x00000000010D7000-memory.dmp

          Filesize

          6.8MB

          Download

        • memory/640-12-0x0000000000A10000-0x00000000010D7000-memory.dmp

          Filesize

          6.8MB

          Download

        • memory/640-14-0x0000000000A10000-0x00000000010D7000-memory.dmp

          Filesize

          6.8MB

          Download

        • memory/640-13-0x0000000000A10000-0x00000000010D7000-memory.dmp

          Filesize

          6.8MB

          Download

        • memory/640-15-0x0000000000A10000-0x00000000010D7000-memory.dmp

          Filesize

          6.8MB

          Download

        • memory/640-16-0x0000000000A10000-0x00000000010D7000-memory.dmp

          Filesize

          6.8MB

          Download

        • memory/640-17-0x0000000000A10000-0x00000000010D7000-memory.dmp

          Filesize

          6.8MB

          Download

        • memory/640-26-0x00000000769A0000-0x0000000076A90000-memory.dmp

          Filesize

          960KB

          Download

        • memory/640-25-0x00000000769C0000-0x00000000769C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/640-24-0x0000000000A10000-0x00000000010D7000-memory.dmp

          Filesize

          6.8MB

          Download

        • memory/640-27-0x00000000769A0000-0x0000000076A90000-memory.dmp

          Filesize

          960KB

          Download

        • memory/640-28-0x00000000769A0000-0x0000000076A90000-memory.dmp

          Filesize

          960KB

          Download

        • memory/640-29-0x00000000769A0000-0x0000000076A90000-memory.dmp

          Filesize

          960KB

          Download

        • memory/640-30-0x00000000769A0000-0x0000000076A90000-memory.dmp

          Filesize

          960KB

          Download

        • memory/640-31-0x00000000769A0000-0x0000000076A90000-memory.dmp

          Filesize

          960KB

          Download

        • memory/640-32-0x00000000769A0000-0x0000000076A90000-memory.dmp

          Filesize

          960KB

          Download

        • memory/640-34-0x00000000769A0000-0x0000000076A90000-memory.dmp

          Filesize

          960KB

          Download

        • memory/640-33-0x0000000000A10000-0x00000000010D7000-memory.dmp

          Filesize

          6.8MB

          Download