Analysis
Max time kernel: 142s
Max time network: 52s
Platform: windows10-2004_x64
Resource: win10v2004-20240508-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 15-06-2024 20:28
Static task: static1
Behavioral task: behavioral1
Sample: 608228da95d9ee87954bc1138a97e58fe18bfe2745a6b1ca418b9e6d2ef23df4.exe
Resource: win7-20240611-en
General
Target: 608228da95d9ee87954bc1138a97e58fe18bfe2745a6b1ca418b9e6d2ef23df4.exe
Size: 1.3MB
MD5: db39bf2a9a9ffd27311d830b1fcef1d6
SHA1: 7c58a33bd7af1b0062c226460f27911b59143e34
SHA256: 608228da95d9ee87954bc1138a97e58fe18bfe2745a6b1ca418b9e6d2ef23df4
SHA512: d2de694cbb814a23f29fd8adf52267b1324bb9cda148929d14379f2c224aa288b9f4fbaf73428f5a63579884cd8d0c829d5fd9b52ad000c75a5b6c00212a3d22
SSDEEP: 24576:nWSXtklHZE4xj3ecs35Ga5ZLIwQqBaWnBCqX/krU0W0RQZ:WSXsedpGaHIlqBaWntX/kguk
Malware Config
Extracted family: risepro
Extracted address: 147.45.47.126:58709
Signatures
- Suspicious use of NtSetInformationThreadHideFromDebugger (15 IoCs)
  Process: 608228da95d9ee87954bc1138a97e58fe18bfe2745a6b1ca418b9e6d2ef23df4.exe, PID 4140 (15 events)
- Suspicious use of SetWindowsHookEx (1 IoC)
  Process: 608228da95d9ee87954bc1138a97e58fe18bfe2745a6b1ca418b9e6d2ef23df4.exe, PID 4140
Processes
- C:\Users\Admin\AppData\Local\Temp\608228da95d9ee87954bc1138a97e58fe18bfe2745a6b1ca418b9e6d2ef23df4.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\608228da95d9ee87954bc1138a97e58fe18bfe2745a6b1ca418b9e6d2ef23df4.exe"
  PID: 4140
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of SetWindowsHookEx
Downloads
- memory/4140-0-0x0000000000550000-0x0000000000A82000-memory.dmp (5.2MB)
- memory/4140-1-0x00000000009E4000-0x0000000000A82000-memory.dmp (632KB)
- memory/4140-3-0x0000000000550000-0x0000000000A82000-memory.dmp (5.2MB)
- memory/4140-4-0x0000000000550000-0x0000000000A82000-memory.dmp (5.2MB)
- memory/4140-5-0x0000000000550000-0x0000000000A82000-memory.dmp (5.2MB)
- memory/4140-6-0x0000000000550000-0x0000000000A82000-memory.dmp (5.2MB)
- memory/4140-7-0x0000000000550000-0x0000000000A82000-memory.dmp (5.2MB)
- memory/4140-8-0x0000000000550000-0x0000000000A82000-memory.dmp (5.2MB)
- memory/4140-9-0x0000000000550000-0x0000000000A82000-memory.dmp (5.2MB)
- memory/4140-10-0x0000000000550000-0x0000000000A82000-memory.dmp (5.2MB)
- memory/4140-11-0x0000000000550000-0x0000000000A82000-memory.dmp (5.2MB)
- memory/4140-12-0x0000000000550000-0x0000000000A82000-memory.dmp (5.2MB)
- memory/4140-13-0x0000000000550000-0x0000000000A82000-memory.dmp (5.2MB)
- memory/4140-14-0x0000000000550000-0x0000000000A82000-memory.dmp (5.2MB)
- memory/4140-15-0x0000000000550000-0x0000000000A82000-memory.dmp (5.2MB)
- memory/4140-16-0x0000000000550000-0x0000000000A82000-memory.dmp (5.2MB)
- memory/4140-17-0x0000000000550000-0x0000000000A82000-memory.dmp (5.2MB)