Overview

overview

10

Static

static

3

8832a0cb21...c0.exe

windows7-x64

10

8832a0cb21...c0.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    18/06/2024, 19:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8832a0cb2173894f538ee8cd8de6943c84d1e591a92b4cf2233d66514b0ca6c0.exe

  • Size

    1.3MB

  • MD5

    c1cb50e0a9b7d8c78fc68e28de032402

  • SHA1

    73880421712db89a6b68e4ecf69582c4be558e5d

  • SHA256

    8832a0cb2173894f538ee8cd8de6943c84d1e591a92b4cf2233d66514b0ca6c0

  • SHA512

    4e48c483b3bc9bc7cb63ac9c29ca3a964cbf6e6a93c246ce73897cc1ff23341c8b109b3979717793f661a77bb6415a56f9f276998ecbb0f966939ef3b6913deb

  • SSDEEP

    24576:mjCKpOoILo/BmNpHV3COw8LwQYN2K3yWds0JkKyVagDoIl9UAmPn8MBP1XQT+:aVpjL/U9COJLl9adsLUgDpjLKxBCT+

Score
10/10
riseprostealer

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Signatures

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro
  • Suspicious use of NtSetInformationThreadHideFromDebugger 15 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8832a0cb2173894f538ee8cd8de6943c84d1e591a92b4cf2233d66514b0ca6c0.exe
    "C:\Users\Admin\AppData\Local\Temp\8832a0cb2173894f538ee8cd8de6943c84d1e591a92b4cf2233d66514b0ca6c0.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetWindowsHookEx
    PID:2432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2432-2-0x0000000000D14000-0x0000000000DB2000-memory.dmp

    Filesize

    632KB

    Download

  • memory/2432-1-0x0000000000880000-0x0000000000DB2000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2432-4-0x0000000000880000-0x0000000000DB2000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2432-5-0x0000000000880000-0x0000000000DB2000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2432-6-0x0000000000880000-0x0000000000DB2000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2432-7-0x0000000000880000-0x0000000000DB2000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2432-8-0x0000000000880000-0x0000000000DB2000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2432-9-0x0000000000880000-0x0000000000DB2000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2432-10-0x0000000000880000-0x0000000000DB2000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2432-11-0x0000000000880000-0x0000000000DB2000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2432-12-0x0000000000880000-0x0000000000DB2000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2432-13-0x0000000000880000-0x0000000000DB2000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2432-14-0x0000000000880000-0x0000000000DB2000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2432-15-0x0000000000880000-0x0000000000DB2000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2432-16-0x0000000000880000-0x0000000000DB2000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2432-17-0x0000000000880000-0x0000000000DB2000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2432-18-0x0000000000880000-0x0000000000DB2000-memory.dmp

    Filesize

    5.2MB

    Download