Analysis
- max time kernel: 144s
- max time network: 95s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 16-06-2024 01:11
- Static task: static1
- Behavioral task: behavioral1
  - Sample: 5fd0197fa9d5ee9a0ec37c4faec0f1223a693097039b3c07cecc4caa66e5e9e2.exe
  - Resource: win7-20240611-en
General
- Target: 5fd0197fa9d5ee9a0ec37c4faec0f1223a693097039b3c07cecc4caa66e5e9e2.exe
- Size: 1.3MB
- MD5: 97ac9a9c06f656d1daf9b579cf7aeb38
- SHA1: 60b6b47fd981afb55510c08652600892fcd1e46f
- SHA256: 5fd0197fa9d5ee9a0ec37c4faec0f1223a693097039b3c07cecc4caa66e5e9e2
- SHA512: 2cb9585989e02020ad220a440699f5ca5e99ecc2c7e6c779c185a6ad49db7a76d0150ded7afff6c69f0699e8f3fd0a76e54380dcf9e305dfac7331449d848bf2
- SSDEEP: 24576:9Okq/nU9O8xV4ZsyXsI2bDXaOsYQwQfsiK3W3R2ZyRCn:QR/nU9NxV4qyXn5yQlw3Wh2ZuCn
Malware Config
Extracted
- Family: risepro
- Address: 147.45.47.126:58709
Signatures
- Suspicious use of NtSetInformationThreadHideFromDebugger (15 IoCs)
  Processes: 5fd0197fa9d5ee9a0ec37c4faec0f1223a693097039b3c07cecc4caa66e5e9e2.exe
  - pid 1472, process 5fd0197fa9d5ee9a0ec37c4faec0f1223a693097039b3c07cecc4caa66e5e9e2.exe (15 identical entries)
- Suspicious use of SetWindowsHookEx (1 IoC)
  Processes: 5fd0197fa9d5ee9a0ec37c4faec0f1223a693097039b3c07cecc4caa66e5e9e2.exe
  - pid 1472, process 5fd0197fa9d5ee9a0ec37c4faec0f1223a693097039b3c07cecc4caa66e5e9e2.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\5fd0197fa9d5ee9a0ec37c4faec0f1223a693097039b3c07cecc4caa66e5e9e2.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\5fd0197fa9d5ee9a0ec37c4faec0f1223a693097039b3c07cecc4caa66e5e9e2.exe"
  PID: 1472
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of SetWindowsHookEx
Downloads
- memory/1472-1-0x0000000000AD0000-0x0000000001002000-memory.dmp (Filesize: 5.2MB)
- memory/1472-2-0x0000000000F64000-0x0000000001002000-memory.dmp (Filesize: 632KB)
- memory/1472-4-0x0000000000AD0000-0x0000000001002000-memory.dmp (Filesize: 5.2MB)
- memory/1472-5-0x0000000000AD0000-0x0000000001002000-memory.dmp (Filesize: 5.2MB)
- memory/1472-6-0x0000000000AD0000-0x0000000001002000-memory.dmp (Filesize: 5.2MB)
- memory/1472-7-0x0000000000AD0000-0x0000000001002000-memory.dmp (Filesize: 5.2MB)
- memory/1472-8-0x0000000000AD0000-0x0000000001002000-memory.dmp (Filesize: 5.2MB)
- memory/1472-9-0x0000000000AD0000-0x0000000001002000-memory.dmp (Filesize: 5.2MB)
- memory/1472-10-0x0000000000AD0000-0x0000000001002000-memory.dmp (Filesize: 5.2MB)
- memory/1472-11-0x0000000000AD0000-0x0000000001002000-memory.dmp (Filesize: 5.2MB)
- memory/1472-12-0x0000000000AD0000-0x0000000001002000-memory.dmp (Filesize: 5.2MB)
- memory/1472-13-0x0000000000AD0000-0x0000000001002000-memory.dmp (Filesize: 5.2MB)
- memory/1472-14-0x0000000000AD0000-0x0000000001002000-memory.dmp (Filesize: 5.2MB)
- memory/1472-15-0x0000000000AD0000-0x0000000001002000-memory.dmp (Filesize: 5.2MB)
- memory/1472-16-0x0000000000AD0000-0x0000000001002000-memory.dmp (Filesize: 5.2MB)
- memory/1472-17-0x0000000000AD0000-0x0000000001002000-memory.dmp (Filesize: 5.2MB)
- memory/1472-18-0x0000000000AD0000-0x0000000001002000-memory.dmp (Filesize: 5.2MB)