Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    291s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27-06-2024 22:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    459f47d3aa8001b8151726c7e74848d949006a62945915c2a1dcadd02a29b8a7.exe

  • Size

    2.3MB

  • MD5

    e97a92bda3e0fa17352c15cceb5c5dd9

  • SHA1

    62ade664c0dc9c774995684e23cf49eaeaf23165

  • SHA256

    459f47d3aa8001b8151726c7e74848d949006a62945915c2a1dcadd02a29b8a7

  • SHA512

    2adec5ed0a453c6ab45cecb72d269d48fcca54fd5edc41f1414d3cebb83bca5fd19bf6a66f2635df1f9d451a044ebc900a5034d8691531d4db7c357feefbf0a1

  • SSDEEP

    49152:ztxoYb9lBEBtFQXabxx/XtF4X5nZAoZvlxZnPoWndIFXADZ1:zlrBFXWtuplZNLPhIFXADZ1

Score
10/10
riseproevasionstealer

Malware Config

Extracted

Family

risepro

C2

77.91.77.66:58709

Signatures

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\459f47d3aa8001b8151726c7e74848d949006a62945915c2a1dcadd02a29b8a7.exe
    "C:\Users\Admin\AppData\Local\Temp\459f47d3aa8001b8151726c7e74848d949006a62945915c2a1dcadd02a29b8a7.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:2000

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2000-0-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-1-0x0000000077380000-0x0000000077382000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2000-2-0x00000000008C1000-0x000000000096D000-memory.dmp

    Filesize

    688KB

    Download

  • memory/2000-3-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-4-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-5-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-6-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-7-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-9-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-8-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-10-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-11-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-12-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-13-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-14-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-15-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-16-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-17-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-18-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-19-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-20-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-21-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-22-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-23-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-24-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-25-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-26-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-27-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-28-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-29-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-30-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-31-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-32-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-33-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-34-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-35-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2000-36-0x00000000008C0000-0x0000000000EAB000-memory.dmp

    Filesize

    5.9MB

    Download