Malware Analysis Report

2024-10-10 12:03

Sample ID 240609-svjcsscf25
Target MBSetup.exe
SHA256 3c68baabc345c58d95825e548a395d305775b7f0313ec42997c17870ea6a458f
Tags: risepro, discovery
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: 3c68baabc345c58d95825e548a395d305775b7f0313ec42997c17870ea6a458f

Threat Level: Known bad

The file MBSetup.exe was found to be: Known bad.

Malicious Activity Summary

risepro discovery

Risepro family

Drops file in Drivers directory

Checks BIOS information in registry

Checks installed software on the system

Drops file in Program Files directory

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-09 15:26

Signatures

Risepro family

risepro

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-09 15:26

Reported

2024-06-10 00:05

Platform

win10v2004-20240508-en

Max time kernel

1350s

Max time network

1178s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MBSetup.exe"

Signatures

Drops file in Drivers directory

| Description  | Indicator                                      | Process                                          | Target |
|--------------|------------------------------------------------|--------------------------------------------------|--------|
| File created | C:\Windows\SysWOW64\drivers\mbamtestfile.dat   | C:\Users\Admin\AppData\Local\Temp\MBSetup.exe    | N/A    |

Checks BIOS information in registry

| Description       | Indicator                                                        | Process                                          | Target |
|-------------------|------------------------------------------------------------------|--------------------------------------------------|--------|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate     | C:\Users\Admin\AppData\Local\Temp\MBSetup.exe    | N/A    |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion  | C:\Users\Admin\AppData\Local\Temp\MBSetup.exe    | N/A    |

Checks installed software on the system

discovery

Drops file in Program Files directory

| Description  | Indicator                                  | Process                                          | Target |
|--------------|--------------------------------------------|--------------------------------------------------|--------|
| File created | C:\Program Files (x86)\mbamtestfile.dat    | C:\Users\Admin\AppData\Local\Temp\MBSetup.exe    | N/A    |

Suspicious behavior: EnumeratesProcesses

| Description | Indicator | Process                                          | Target |
|-------------|-----------|--------------------------------------------------|--------|
| N/A         | N/A       | C:\Users\Admin\AppData\Local\Temp\MBSetup.exe    | N/A    |
| N/A         | N/A       | C:\Users\Admin\AppData\Local\Temp\MBSetup.exe    | N/A    |

Suspicious use of FindShellTrayWindow

| Description | Indicator | Process                                          | Target |
|-------------|-----------|--------------------------------------------------|--------|
| N/A         | N/A       | C:\Users\Admin\AppData\Local\Temp\MBSetup.exe    | N/A    |

Processes

C:\Users\Admin\AppData\Local\Temp\MBSetup.exe

"C:\Users\Admin\AppData\Local\Temp\MBSetup.exe"

Network

| Country | Destination      | Domain                           | Proto |
|---------|------------------|----------------------------------|-------|
| US      | 8.8.8.8:53       | 8.8.8.8.in-addr.arpa             | udp   |
| US      | 8.8.8.8:53       | api2.amplitude.com               | udp   |
| US      | 54.69.33.72:443  | api2.amplitude.com               | tcp   |
| US      | 8.8.8.8:53       | 154.239.44.20.in-addr.arpa       | udp   |
| US      | 8.8.8.8:53       | 72.33.69.54.in-addr.arpa         | udp   |
| US      | 8.8.8.8:53       | 101.58.20.217.in-addr.arpa       | udp   |
| US      | 8.8.8.8:53       | 69.31.126.40.in-addr.arpa        | udp   |
| US      | 8.8.8.8:53       | 196.249.167.52.in-addr.arpa      | udp   |
| US      | 8.8.8.8:53       | 183.59.114.20.in-addr.arpa       | udp   |
| US      | 8.8.8.8:53       | 56.126.166.20.in-addr.arpa       | udp   |
| US      | 8.8.8.8:53       | 34.144.22.2.in-addr.arpa         | udp   |
| US      | 8.8.8.8:53       | 172.210.232.199.in-addr.arpa     | udp   |
| US      | 8.8.8.8:53       | 13.227.111.52.in-addr.arpa       | udp   |
| US      | 8.8.8.8:53       | 92.16.208.104.in-addr.arpa       | udp   |

Files

N/A