risepro | 00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797

Analysis

max time kernel
195s
max time network
299s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
20/06/2024, 22:30

Target

00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797.exe
Size

1.8MB
MD5

7fc744e8d5f2c7c533dd995a5d0c1d30
SHA1

f8220ea06b9c3e5d31a203f63787bd502780f33c
SHA256

00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797
SHA512

c3a96071bdabaaca5689f11c14505d0d4bd8f877a7aaf6ce5b376db46cd589819bf810c68f704197a9a91b7ce46217e7a05c3f86b7d64cd61a7a367178e68aeb
SSDEEP

49152:cyrEETqGrGGWynfIfGzXH0Bf5GlQyMSCGT:cyrEEPKG9woXreyMZGT

Score

10^/10

risepro stealer

RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
stealer risepro

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4404 set thread context of 2928	4404	00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797.exe	73

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 4404 wrote to memory of 4740	4404	00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797.exe	72
PID 4404 wrote to memory of 4740	4404	00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797.exe	72
PID 4404 wrote to memory of 4740	4404	00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797.exe	72
PID 4404 wrote to memory of 2928	4404	00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797.exe	73
PID 4404 wrote to memory of 2928	4404	00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797.exe	73
PID 4404 wrote to memory of 2928	4404	00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797.exe	73
PID 4404 wrote to memory of 2928	4404	00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797.exe	73
PID 4404 wrote to memory of 2928	4404	00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797.exe	73
PID 4404 wrote to memory of 2928	4404	00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797.exe	73
PID 4404 wrote to memory of 2928	4404	00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797.exe	73
PID 4404 wrote to memory of 2928	4404	00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797.exe	73
PID 4404 wrote to memory of 2928	4404	00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797.exe	73
PID 4404 wrote to memory of 2928	4404	00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797.exe	73

C:\Users\Admin\AppData\Local\Temp\00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797.exe
"C:\Users\Admin\AppData\Local\Temp\00bb335318bc7964d7d8f58e4e3688d340431a5f38998ee257898c88874b0797.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4404
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:4740
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:2928

memory/2928-1-0x0000000000400000-0x0000000000596000-memory.dmp

Filesize
1.6MB

Download
memory/2928-2-0x0000000000400000-0x0000000000596000-memory.dmp

Filesize
1.6MB

Download
memory/2928-3-0x0000000000400000-0x0000000000596000-memory.dmp

Filesize
1.6MB

Download
memory/2928-5-0x0000000000400000-0x0000000000596000-memory.dmp

Filesize
1.6MB

Download
memory/4404-0-0x0000000000DE0000-0x0000000000DE1000-memory.dmp

Filesize
4KB

Download