Analysis

max time kernel: 142s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 16-06-2024 06:11

Static task: static1
Behavioral task: behavioral1
Sample: 921135846085b2319437e136b1d49513aff1809aafc1990d99097888e8f2e60d.exe
Resource: win7-20240221-en
General

Target: 921135846085b2319437e136b1d49513aff1809aafc1990d99097888e8f2e60d.exe
Size: 1.3MB
MD5: 37fe7c8f9f8bf8bd24091bc842417556
SHA1: eb2b193e1ff45fb04bbb0354162756d0c1e21cce
SHA256: 921135846085b2319437e136b1d49513aff1809aafc1990d99097888e8f2e60d
SHA512: 05f4cf2fd9726674d5a520cdbce6677367726282efd6b1b211cc9d85621ffac61151721ec0aa09908c10d5ebc6f9759735d42ea434b894e301a60ab08c5cc50b
SSDEEP: 24576:XxZuJF3TCJn6dwDoepfbHMiIKojMiE1M0wQ9iyIakELC2+zV32otcheSP0D:XCeFbX9oAX1M0lcL8CxmochZ
Malware Config

Extracted family: risepro
Extracted address: 147.45.47.126:58709
Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger (15 IoCs)
  Process: 921135846085b2319437e136b1d49513aff1809aafc1990d99097888e8f2e60d.exe, PID 2032 (15 occurrences)

Suspicious use of SetWindowsHookEx (1 IoC)
  Process: 921135846085b2319437e136b1d49513aff1809aafc1990d99097888e8f2e60d.exe, PID 2032 (1 occurrence)
Processes

C:\Users\Admin\AppData\Local\Temp\921135846085b2319437e136b1d49513aff1809aafc1990d99097888e8f2e60d.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\921135846085b2319437e136b1d49513aff1809aafc1990d99097888e8f2e60d.exe"
  PID: 2032
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
memory/2032-0-0x0000000000D80000-0x00000000012B2000-memory.dmp  filesize 5.2MB
memory/2032-2-0x0000000001214000-0x00000000012B2000-memory.dmp  filesize 632KB
memory/2032-1-0x0000000000D80000-0x00000000012B2000-memory.dmp  filesize 5.2MB
memory/2032-4-0x0000000000D80000-0x00000000012B2000-memory.dmp  filesize 5.2MB
memory/2032-5-0x0000000000D80000-0x00000000012B2000-memory.dmp  filesize 5.2MB
memory/2032-6-0x0000000000D80000-0x00000000012B2000-memory.dmp  filesize 5.2MB
memory/2032-7-0x0000000000D80000-0x00000000012B2000-memory.dmp  filesize 5.2MB
memory/2032-8-0x0000000000D80000-0x00000000012B2000-memory.dmp  filesize 5.2MB
memory/2032-9-0x0000000000D80000-0x00000000012B2000-memory.dmp  filesize 5.2MB
memory/2032-10-0x0000000000D80000-0x00000000012B2000-memory.dmp  filesize 5.2MB
memory/2032-11-0x0000000000D80000-0x00000000012B2000-memory.dmp  filesize 5.2MB
memory/2032-12-0x0000000000D80000-0x00000000012B2000-memory.dmp  filesize 5.2MB
memory/2032-13-0x0000000000D80000-0x00000000012B2000-memory.dmp  filesize 5.2MB
memory/2032-14-0x0000000000D80000-0x00000000012B2000-memory.dmp  filesize 5.2MB
memory/2032-15-0x0000000000D80000-0x00000000012B2000-memory.dmp  filesize 5.2MB
memory/2032-16-0x0000000000D80000-0x00000000012B2000-memory.dmp  filesize 5.2MB
memory/2032-17-0x0000000000D80000-0x00000000012B2000-memory.dmp  filesize 5.2MB
memory/2032-18-0x0000000000D80000-0x00000000012B2000-memory.dmp  filesize 5.2MB