risepro | 00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/06/2024, 10:53

Target

7fc744e8d5f2c7c533dd995a5d0c1d30_NeikiAnalytics.exe
Size

1.8MB
MD5

7fc744e8d5f2c7c533dd995a5d0c1d30
SHA1

f8220ea06b9c3e5d31a203f63787bd502780f33c
SHA256

00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797
SHA512

c3a96071bdabaaca5689f11c14505d0d4bd8f877a7aaf6ce5b376db46cd589819bf810c68f704197a9a91b7ce46217e7a05c3f86b7d64cd61a7a367178e68aeb
SSDEEP

49152:cyrEETqGrGGWynfIfGzXH0Bf5GlQyMSCGT:cyrEEPKG9woXreyMZGT

Score

10^/10

risepro stealer

RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
stealer risepro

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3096 set thread context of 1984	3096	7fc744e8d5f2c7c533dd995a5d0c1d30_NeikiAnalytics.exe	82

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 3096 wrote to memory of 1984	3096	7fc744e8d5f2c7c533dd995a5d0c1d30_NeikiAnalytics.exe	82
PID 3096 wrote to memory of 1984	3096	7fc744e8d5f2c7c533dd995a5d0c1d30_NeikiAnalytics.exe	82
PID 3096 wrote to memory of 1984	3096	7fc744e8d5f2c7c533dd995a5d0c1d30_NeikiAnalytics.exe	82
PID 3096 wrote to memory of 1984	3096	7fc744e8d5f2c7c533dd995a5d0c1d30_NeikiAnalytics.exe	82
PID 3096 wrote to memory of 1984	3096	7fc744e8d5f2c7c533dd995a5d0c1d30_NeikiAnalytics.exe	82
PID 3096 wrote to memory of 1984	3096	7fc744e8d5f2c7c533dd995a5d0c1d30_NeikiAnalytics.exe	82
PID 3096 wrote to memory of 1984	3096	7fc744e8d5f2c7c533dd995a5d0c1d30_NeikiAnalytics.exe	82
PID 3096 wrote to memory of 1984	3096	7fc744e8d5f2c7c533dd995a5d0c1d30_NeikiAnalytics.exe	82
PID 3096 wrote to memory of 1984	3096	7fc744e8d5f2c7c533dd995a5d0c1d30_NeikiAnalytics.exe	82
PID 3096 wrote to memory of 1984	3096	7fc744e8d5f2c7c533dd995a5d0c1d30_NeikiAnalytics.exe	82

C:\Users\Admin\AppData\Local\Temp\7fc744e8d5f2c7c533dd995a5d0c1d30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7fc744e8d5f2c7c533dd995a5d0c1d30_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3096
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:1984

memory/1984-1-0x0000000000400000-0x0000000000596000-memory.dmp

Filesize
1.6MB

Download
memory/1984-3-0x0000000000400000-0x0000000000596000-memory.dmp

Filesize
1.6MB

Download
memory/1984-2-0x0000000000400000-0x0000000000596000-memory.dmp

Filesize
1.6MB

Download
memory/1984-5-0x0000000000400000-0x0000000000596000-memory.dmp

Filesize
1.6MB

Download
memory/3096-0-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download