Analysis
-
max time kernel
146s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted
16-06-2024 00:18
Static task
static1
Behavioral task
behavioral1
Sample
a71c0b54849f6a15a4902fdfb1395ed2a4025581d09d3201bfbf6ab95d79746d.exe
Resource
win7-20240611-en
General
-
Target
a71c0b54849f6a15a4902fdfb1395ed2a4025581d09d3201bfbf6ab95d79746d.exe
-
Size
1.3MB
-
MD5
b4e3456d31ea64deeaec8df77f80f573
-
SHA1
d852e60582f4b66cc6a835e298af0e7e9b79349f
-
SHA256
a71c0b54849f6a15a4902fdfb1395ed2a4025581d09d3201bfbf6ab95d79746d
-
SHA512
8a674e53df55e789944c8815c782a60fb288d684802c7c9badaaee27b5982094a555a5685a30e3606c7bff534c62bb708f2b42107149a8265df68314e0ca5d7f
-
SSDEEP
24576:1WzFkKH5o8Y1V+mndotMh3Jo2SheVwQE6icoEC829Py:QJkKZq1qQJo2SheVlboEgPy
Malware Config
Extracted
Family risepro
C2 147.45.47.126:58709
Signatures
-
Suspicious use of NtSetInformationThreadHideFromDebugger 15 IoCs
Processes:
pid process
2008 a71c0b54849f6a15a4902fdfb1395ed2a4025581d09d3201bfbf6ab95d79746d.exe (15 IoCs, all from this single process)
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
pid process
2008 a71c0b54849f6a15a4902fdfb1395ed2a4025581d09d3201bfbf6ab95d79746d.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\a71c0b54849f6a15a4902fdfb1395ed2a4025581d09d3201bfbf6ab95d79746d.exe
"C:\Users\Admin\AppData\Local\Temp\a71c0b54849f6a15a4902fdfb1395ed2a4025581d09d3201bfbf6ab95d79746d.exe"
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:2008
Network
MITRE ATT&CK Matrix
Downloads
-
Dump  Filesize
memory/2008-1-0x0000000000650000-0x0000000000B82000-memory.dmp  5.2MB
memory/2008-2-0x0000000000AE4000-0x0000000000B82000-memory.dmp  632KB
memory/2008-4-0x0000000000650000-0x0000000000B82000-memory.dmp  5.2MB
memory/2008-5-0x0000000000650000-0x0000000000B82000-memory.dmp  5.2MB
memory/2008-6-0x0000000000650000-0x0000000000B82000-memory.dmp  5.2MB
memory/2008-7-0x0000000000650000-0x0000000000B82000-memory.dmp  5.2MB
memory/2008-8-0x0000000000650000-0x0000000000B82000-memory.dmp  5.2MB
memory/2008-9-0x0000000000650000-0x0000000000B82000-memory.dmp  5.2MB
memory/2008-10-0x0000000000650000-0x0000000000B82000-memory.dmp  5.2MB
memory/2008-11-0x0000000000650000-0x0000000000B82000-memory.dmp  5.2MB
memory/2008-12-0x0000000000650000-0x0000000000B82000-memory.dmp  5.2MB
memory/2008-13-0x0000000000650000-0x0000000000B82000-memory.dmp  5.2MB
memory/2008-14-0x0000000000650000-0x0000000000B82000-memory.dmp  5.2MB
memory/2008-15-0x0000000000650000-0x0000000000B82000-memory.dmp  5.2MB
memory/2008-16-0x0000000000650000-0x0000000000B82000-memory.dmp  5.2MB
memory/2008-17-0x0000000000650000-0x0000000000B82000-memory.dmp  5.2MB
memory/2008-18-0x0000000000650000-0x0000000000B82000-memory.dmp  5.2MB
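The dump names above encode the PID and the virtual address range that was dumped. Before pulling every file, it is worth checking that the listed sizes agree with the address ranges and which ranges nest inside others, since the single 632KB dump (0xAE4000-0xB82000) sits at the tail of the 5.2MB region (0x650000-0xB82000) that was dumped sixteen times. The script below is an added example, not part of the sandbox report or its tooling; it parses the naming scheme as it appears in this listing (memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp, an assumption taken from the names themselves) over a constructed list copied from the entries above, and prints the distinct ranges with their sizes, dump counts and containment.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed input: dump names copied from the report's Downloads listing
# (the distinct address ranges plus two repeats of the large one).
SAMPLE_DUMPS = [
    "memory/2008-1-0x0000000000650000-0x0000000000B82000-memory.dmp",
    "memory/2008-2-0x0000000000AE4000-0x0000000000B82000-memory.dmp",
    "memory/2008-4-0x0000000000650000-0x0000000000B82000-memory.dmp",
    "memory/2008-5-0x0000000000650000-0x0000000000B82000-memory.dmp",
]

# Naming scheme assumed from the listing; not a documented sandbox API.
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


@dataclass(frozen=True)
class Region:
    pid: int
    seq: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start

    def contains(self, other: "Region") -> bool:
        return self.start <= other.start and other.end <= self.end


def parse_dump(name: str) -> Region:
    """Turn one dump file name into a Region; reject names that do not fit."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a sandbox memory dump name: {name!r}")
    r = Region(int(m["pid"]), int(m["seq"]), int(m["start"], 16), int(m["end"], 16))
    if r.end <= r.start:
        raise ValueError(f"empty or inverted range in {name!r}")
    return r


def human_size(n: int) -> str:
    """Binary units rounded the way the report prints them (5.2MB, 632KB)."""
    if n >= 1 << 20:
        return f"{n / (1 << 20):.1f}MB"
    if n >= 1 << 10:
        return f"{n / (1 << 10):.0f}KB"
    return f"{n}B"


def summarize(names):
    """Group dumps by (pid, range); report size, dump count and enclosing ranges."""
    regions = [parse_dump(n) for n in names]
    counts = Counter((r.pid, r.start, r.end) for r in regions)
    distinct = [Region(pid, 0, s, e) for (pid, s, e) in counts]
    rows = []
    for r in distinct:
        parents = [p for p in distinct if p is not r and p.contains(r)]
        rows.append({
            "pid": r.pid,
            "range": f"0x{r.start:X}-0x{r.end:X}",
            "size": human_size(r.size),
            "dumps": counts[(r.pid, r.start, r.end)],
            "inside": [f"0x{p.start:X}-0x{p.end:X}" for p in parents],
        })
    return rows


if __name__ == "__main__":
    for row in summarize(SAMPLE_DUMPS):
        print(row)
```

Run on the full listing, the output confirms the reported sizes are the raw span of each range (0x532000 bytes rounds to 5.2MB in binary units, 0x9E000 bytes is exactly 632KB) and that only one distinct sub-range exists, which is the first dump to look at when a smaller carved region is of interest.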