Overview

overview

10

Static

static

3

91220ea968...9f.exe

windows7-x64

10

91220ea968...9f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    14/06/2024, 01:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    91220ea968185dd609d43a3c3d646d86c1ea4ef57f03b0747ebbcd00db8cc79f.exe

  • Size

    1.3MB

  • MD5

    4594caf12c9949e21e67775790584682

  • SHA1

    8203c7f18a0bca42cc4a86437b08fe12feaf0d95

  • SHA256

    91220ea968185dd609d43a3c3d646d86c1ea4ef57f03b0747ebbcd00db8cc79f

  • SHA512

    91a3fb9cc271b861d71e2250157dba061014fab460d771cf3f65a38b7a1eff17a29d8b50788d6a11011322d077992df1a37f49ca68fcd88fcb4d785b7ae40dd8

  • SSDEEP

    24576:PTy7utVrM8ncI61H9majYW20gmMQrTnTgwQwyEvO70L6D6Xo0:PHtLnWdHYW20dTglfQL3Xp

Score
10/10
riseprostealer

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Signatures

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro
  • Suspicious use of NtSetInformationThreadHideFromDebugger 14 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\91220ea968185dd609d43a3c3d646d86c1ea4ef57f03b0747ebbcd00db8cc79f.exe
    "C:\Users\Admin\AppData\Local\Temp\91220ea968185dd609d43a3c3d646d86c1ea4ef57f03b0747ebbcd00db8cc79f.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetWindowsHookEx
    PID:3008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3008-0-0x0000000000920000-0x0000000000E52000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3008-1-0x0000000000920000-0x0000000000E52000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3008-2-0x0000000000DB4000-0x0000000000E52000-memory.dmp

    Filesize

    632KB

    Download

  • memory/3008-4-0x0000000000920000-0x0000000000E52000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3008-5-0x0000000000920000-0x0000000000E52000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3008-6-0x0000000000920000-0x0000000000E52000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3008-7-0x0000000000920000-0x0000000000E52000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3008-8-0x0000000000920000-0x0000000000E52000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3008-9-0x0000000000920000-0x0000000000E52000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3008-10-0x0000000000920000-0x0000000000E52000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3008-11-0x0000000000920000-0x0000000000E52000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3008-12-0x0000000000920000-0x0000000000E52000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3008-13-0x0000000000920000-0x0000000000E52000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3008-14-0x0000000000920000-0x0000000000E52000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3008-15-0x0000000000920000-0x0000000000E52000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3008-16-0x0000000000920000-0x0000000000E52000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3008-17-0x0000000000920000-0x0000000000E52000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3008-18-0x0000000000920000-0x0000000000E52000-memory.dmp

    Filesize

    5.2MB

    Download