Malware Analysis Report

2024-10-10 12:00

Sample ID 240616-cq22cavhne
Target b802776085f7c0a8b6675eeac9494f2a.bin
SHA256 f8aa82839c397d272f415a68845284232ccfe5e4875a18ff56c52f495ff4c492
Tags
risepro stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f8aa82839c397d272f415a68845284232ccfe5e4875a18ff56c52f495ff4c492

Threat Level: Known bad

The file b802776085f7c0a8b6675eeac9494f2a.bin was found to be: Known bad.

Malicious Activity Summary

risepro stealer

RisePro

Suspicious use of NtSetInformationThreadHideFromDebugger

Unsigned PE

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-16 02:17

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 02:17

Reported

2024-06-16 02:20

Platform

win7-20240508-en

Max time kernel

140s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d0decbff239ced2b69327f8958ed9cca7a3d9838823a262146771f8c2bf526d7.exe"

Signatures

RisePro

stealer risepro

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\d0decbff239ced2b69327f8958ed9cca7a3d9838823a262146771f8c2bf526d7.exe N/A
(the same row is reported 14 times, i.e. 14 hits of this signature from the same process)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\d0decbff239ced2b69327f8958ed9cca7a3d9838823a262146771f8c2bf526d7.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d0decbff239ced2b69327f8958ed9cca7a3d9838823a262146771f8c2bf526d7.exe

"C:\Users\Admin\AppData\Local\Temp\d0decbff239ced2b69327f8958ed9cca7a3d9838823a262146771f8c2bf526d7.exe"

Network

N/A

Files

memory/1640-0-0x0000000000BC0000-0x00000000010F2000-memory.dmp

memory/1640-1-0x0000000000BC0000-0x00000000010F2000-memory.dmp

memory/1640-2-0x0000000001054000-0x00000000010F2000-memory.dmp

memory/1640-4-0x0000000000BC0000-0x00000000010F2000-memory.dmp

memory/1640-5-0x0000000000BC0000-0x00000000010F2000-memory.dmp

memory/1640-6-0x0000000000BC0000-0x00000000010F2000-memory.dmp

memory/1640-7-0x0000000000BC0000-0x00000000010F2000-memory.dmp

memory/1640-8-0x0000000000BC0000-0x00000000010F2000-memory.dmp

memory/1640-9-0x0000000000BC0000-0x00000000010F2000-memory.dmp

memory/1640-10-0x0000000000BC0000-0x00000000010F2000-memory.dmp

memory/1640-11-0x0000000000BC0000-0x00000000010F2000-memory.dmp

memory/1640-12-0x0000000000BC0000-0x00000000010F2000-memory.dmp

memory/1640-13-0x0000000000BC0000-0x00000000010F2000-memory.dmp

memory/1640-14-0x0000000000BC0000-0x00000000010F2000-memory.dmp

memory/1640-15-0x0000000000BC0000-0x00000000010F2000-memory.dmp

memory/1640-16-0x0000000000BC0000-0x00000000010F2000-memory.dmp

memory/1640-17-0x0000000000BC0000-0x00000000010F2000-memory.dmp

memory/1640-18-0x0000000000BC0000-0x00000000010F2000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 02:17

Reported

2024-06-16 02:20

Platform

win10v2004-20240508-en

Max time kernel

147s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d0decbff239ced2b69327f8958ed9cca7a3d9838823a262146771f8c2bf526d7.exe"

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\d0decbff239ced2b69327f8958ed9cca7a3d9838823a262146771f8c2bf526d7.exe N/A
(the same row is reported 14 times, i.e. 14 hits of this signature from the same process)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\d0decbff239ced2b69327f8958ed9cca7a3d9838823a262146771f8c2bf526d7.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d0decbff239ced2b69327f8958ed9cca7a3d9838823a262146771f8c2bf526d7.exe

"C:\Users\Admin\AppData\Local\Temp\d0decbff239ced2b69327f8958ed9cca7a3d9838823a262146771f8c2bf526d7.exe"

Network

Files

memory/644-1-0x0000000000FD0000-0x0000000001502000-memory.dmp

memory/644-2-0x0000000001464000-0x0000000001502000-memory.dmp

memory/644-4-0x0000000000FD0000-0x0000000001502000-memory.dmp

memory/644-5-0x0000000000FD0000-0x0000000001502000-memory.dmp

memory/644-6-0x0000000000FD0000-0x0000000001502000-memory.dmp

memory/644-7-0x0000000000FD0000-0x0000000001502000-memory.dmp

memory/644-8-0x0000000000FD0000-0x0000000001502000-memory.dmp

memory/644-9-0x0000000000FD0000-0x0000000001502000-memory.dmp

memory/644-10-0x0000000000FD0000-0x0000000001502000-memory.dmp

memory/644-11-0x0000000000FD0000-0x0000000001502000-memory.dmp

memory/644-12-0x0000000000FD0000-0x0000000001502000-memory.dmp

memory/644-13-0x0000000000FD0000-0x0000000001502000-memory.dmp

memory/644-14-0x0000000000FD0000-0x0000000001502000-memory.dmp

memory/644-15-0x0000000000FD0000-0x0000000001502000-memory.dmp

memory/644-16-0x0000000000FD0000-0x0000000001502000-memory.dmp

memory/644-17-0x0000000000FD0000-0x0000000001502000-memory.dmp

memory/644-18-0x0000000000FD0000-0x0000000001502000-memory.dmp