Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    25/06/2024, 01:27 UTC

General

  • Target

    94284c6c824e373fbdcfe0b241e80c2daf11b863cc3af286f194f868dfbc080f.exe

  • Size

    2.3MB

  • MD5

    f4444addd56481108fc871aa14adf9ec

  • SHA1

    95e9fe62695c7f9ad3d1ba5e3b044175809bc26a

  • SHA256

    94284c6c824e373fbdcfe0b241e80c2daf11b863cc3af286f194f868dfbc080f

  • SHA512

    a600e4b11bf2cf674bb2d1ef6055477486c549cd4e94ef3609de43cde0c8cb4b29a97b5955c00c3f6a3ad7f5c68fd15dea2b05c8c6d72246ab22b50fe446c028

  • SSDEEP

    49152:i1NUJk5rmBmtSSYLd2JcBSlF6V0Jxy1gbGPLh8/BL8Pgbm3qMyXrC:aSWVm8tSSYZZBS/+0OgbG18iP6H1rC

Score
10/10

Malware Config

Extracted

Family

risepro

C2

77.91.77.66:58709

Signatures

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) (2 TTPs, 1 IoC)
  • Checks BIOS information in registry (2 TTPs, 2 IoCs)

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys (2 TTPs, 1 IoC)

    Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

  • Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\94284c6c824e373fbdcfe0b241e80c2daf11b863cc3af286f194f868dfbc080f.exe
    "C:\Users\Admin\AppData\Local\Temp\94284c6c824e373fbdcfe0b241e80c2daf11b863cc3af286f194f868dfbc080f.exe"
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:4844

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/4844-0-0x00000000009B0000-0x0000000000F9D000-memory.dmp (Filesize: 5.9MB)
  • memory/4844-1-0x0000000077306000-0x0000000077308000-memory.dmp (Filesize: 8KB)
  • memory/4844-2-0x00000000009B1000-0x0000000000A5D000-memory.dmp (Filesize: 688KB)
  • memory/4844-3-0x00000000009B0000-0x0000000000F9D000-memory.dmp (Filesize: 5.9MB)
  • memory/4844-4-0x00000000009B0000-0x0000000000F9D000-memory.dmp (Filesize: 5.9MB)
  • memory/4844-5-0x00000000009B0000-0x0000000000F9D000-memory.dmp (Filesize: 5.9MB)
  • memory/4844-6-0x00000000009B0000-0x0000000000F9D000-memory.dmp (Filesize: 5.9MB)
  • memory/4844-7-0x00000000009B0000-0x0000000000F9D000-memory.dmp (Filesize: 5.9MB)
  • memory/4844-8-0x00000000009B0000-0x0000000000F9D000-memory.dmp (Filesize: 5.9MB)
  • memory/4844-9-0x00000000009B0000-0x0000000000F9D000-memory.dmp (Filesize: 5.9MB)
  • memory/4844-10-0x00000000009B0000-0x0000000000F9D000-memory.dmp (Filesize: 5.9MB)
  • memory/4844-11-0x00000000009B0000-0x0000000000F9D000-memory.dmp (Filesize: 5.9MB)
  • memory/4844-12-0x00000000009B0000-0x0000000000F9D000-memory.dmp (Filesize: 5.9MB)
  • memory/4844-13-0x00000000009B0000-0x0000000000F9D000-memory.dmp (Filesize: 5.9MB)
  • memory/4844-14-0x00000000009B0000-0x0000000000F9D000-memory.dmp (Filesize: 5.9MB)
  • memory/4844-15-0x00000000009B0000-0x0000000000F9D000-memory.dmp (Filesize: 5.9MB)
  • memory/4844-16-0x00000000009B0000-0x0000000000F9D000-memory.dmp (Filesize: 5.9MB)
  • memory/4844-17-0x00000000009B0000-0x0000000000F9D000-memory.dmp (Filesize: 5.9MB)
  • memory/4844-18-0x00000000009B0000-0x0000000000F9D000-memory.dmp (Filesize: 5.9MB)
  • memory/4844-19-0x00000000009B0000-0x0000000000F9D000-memory.dmp (Filesize: 5.9MB)
  • memory/4844-20-0x00000000009B0000-0x0000000000F9D000-memory.dmp (Filesize: 5.9MB)
  • memory/4844-21-0x00000000009B0000-0x0000000000F9D000-memory.dmp (Filesize: 5.9MB)
