Analysis
-
max time kernel
146s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
15-06-2024 20:28
Static task
static1
Behavioral task
behavioral1
Sample
608228da95d9ee87954bc1138a97e58fe18bfe2745a6b1ca418b9e6d2ef23df4.exe
Resource
win7-20240611-en
General
-
Target
608228da95d9ee87954bc1138a97e58fe18bfe2745a6b1ca418b9e6d2ef23df4.exe
-
Size
1.3MB
-
MD5
db39bf2a9a9ffd27311d830b1fcef1d6
-
SHA1
7c58a33bd7af1b0062c226460f27911b59143e34
-
SHA256
608228da95d9ee87954bc1138a97e58fe18bfe2745a6b1ca418b9e6d2ef23df4
-
SHA512
d2de694cbb814a23f29fd8adf52267b1324bb9cda148929d14379f2c224aa288b9f4fbaf73428f5a63579884cd8d0c829d5fd9b52ad000c75a5b6c00212a3d22
-
SSDEEP
24576:nWSXtklHZE4xj3ecs35Ga5ZLIwQqBaWnBCqX/krU0W0RQZ:WSXsedpGaHIlqBaWntX/kguk
Malware Config
Extracted
risepro
147.45.47.126:58709
Signatures
-
Suspicious use of NtSetInformationThreadHideFromDebugger 15 IoCs
Processes:
608228da95d9ee87954bc1138a97e58fe18bfe2745a6b1ca418b9e6d2ef23df4.exe
pid: 2244, process: 608228da95d9ee87954bc1138a97e58fe18bfe2745a6b1ca418b9e6d2ef23df4.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
608228da95d9ee87954bc1138a97e58fe18bfe2745a6b1ca418b9e6d2ef23df4.exe
pid: 2244, process: 608228da95d9ee87954bc1138a97e58fe18bfe2745a6b1ca418b9e6d2ef23df4.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\608228da95d9ee87954bc1138a97e58fe18bfe2745a6b1ca418b9e6d2ef23df4.exe
"C:\Users\Admin\AppData\Local\Temp\608228da95d9ee87954bc1138a97e58fe18bfe2745a6b1ca418b9e6d2ef23df4.exe"
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:2244
Network
MITRE ATT&CK Matrix
Downloads