Overview

overview

10

Static

static

3

636c60dc7d...df.exe

windows7-x64

5

636c60dc7d...df.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-06-2024 11:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    636c60dc7d171ffa91d5abde8f6e1e674b7c16522c6d635008f7a9fb15ce30df.exe

  • Size

    1.3MB

  • MD5

    01e22376682c86e34747d61e7916ae2e

  • SHA1

    35b3892f0ef1bffadfa75517062c64686ab2dcad

  • SHA256

    636c60dc7d171ffa91d5abde8f6e1e674b7c16522c6d635008f7a9fb15ce30df

  • SHA512

    277d5328142a24c2f3ad48092f04bdcb41987a9a7654c9a3caacb48085787448207d94e6b2c6dafb3e2a57446c3ee6ce5b699c8c83439b3d654df07a5672a84f

  • SSDEEP

    24576:X2/bWK1h1InhQa8XF68MWDIywQA/BaWnBCqCnHC3Hke+UFB77:mTph1I816/yloBaWntCnHCk8

Score
10/10
riseprostealer

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Signatures

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro
  • Suspicious use of NtSetInformationThreadHideFromDebugger 15 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\636c60dc7d171ffa91d5abde8f6e1e674b7c16522c6d635008f7a9fb15ce30df.exe
    "C:\Users\Admin\AppData\Local\Temp\636c60dc7d171ffa91d5abde8f6e1e674b7c16522c6d635008f7a9fb15ce30df.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetWindowsHookEx
    PID:3764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3764-0-0x0000000000050000-0x0000000000582000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3764-1-0x00000000004E4000-0x0000000000582000-memory.dmp

    Filesize

    632KB

    Download

  • memory/3764-3-0x0000000000050000-0x0000000000582000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3764-4-0x0000000000050000-0x0000000000582000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3764-5-0x0000000000050000-0x0000000000582000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3764-6-0x00000000004E4000-0x0000000000582000-memory.dmp

    Filesize

    632KB

    Download

  • memory/3764-7-0x0000000000050000-0x0000000000582000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3764-8-0x0000000000050000-0x0000000000582000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3764-9-0x0000000000050000-0x0000000000582000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3764-10-0x0000000000050000-0x0000000000582000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3764-11-0x0000000000050000-0x0000000000582000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3764-12-0x0000000000050000-0x0000000000582000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3764-13-0x0000000000050000-0x0000000000582000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3764-14-0x0000000000050000-0x0000000000582000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3764-15-0x0000000000050000-0x0000000000582000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3764-16-0x0000000000050000-0x0000000000582000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3764-17-0x0000000000050000-0x0000000000582000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/3764-18-0x0000000000050000-0x0000000000582000-memory.dmp

    Filesize

    5.2MB

    Download