risepro | 038147fba2c54767ec6034e9e7c6a9fdffe4d3388a36ae61de5043843c941c34

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
03-07-2024 16:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

6.4MB
MD5

ef7fba013fbe8829b6a7037170693d19
SHA1

63f02a3437d0e572fb284f826f8cc6ce4996e5bc
SHA256

038147fba2c54767ec6034e9e7c6a9fdffe4d3388a36ae61de5043843c941c34
SHA512

9550b68e14dc2217e28efd19a67e5f0327eae7660d04d6c5c6adbb6742ba0b157e671830d3b0cc9bb3192ad75ef981be4f0c9d9242a938a370ad360a18eecc45
SSDEEP

196608:6SLpeEaPy4MSpBcb9piUx6lNO35RAcI1:60eEaPy4h09MUJ3vV

Score

10^/10

risepro stealer

Malware Config

Extracted

Family

risepro

77.91.77.180:50500

Signatures

RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
stealer risepro

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2848 set thread context of 2648	2848	file.exe	29

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2848	file.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2848	file.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 2644	2848	file.exe	28
PID 2848 wrote to memory of 2644	2848	file.exe	28
PID 2848 wrote to memory of 2644	2848	file.exe	28
PID 2848 wrote to memory of 2644	2848	file.exe	28
PID 2848 wrote to memory of 2648	2848	file.exe	29
PID 2848 wrote to memory of 2648	2848	file.exe	29
PID 2848 wrote to memory of 2648	2848	file.exe	29
PID 2848 wrote to memory of 2648	2848	file.exe	29
PID 2848 wrote to memory of 2648	2848	file.exe	29
PID 2848 wrote to memory of 2648	2848	file.exe	29
PID 2848 wrote to memory of 2648	2848	file.exe	29
PID 2848 wrote to memory of 2648	2848	file.exe	29
PID 2848 wrote to memory of 2648	2848	file.exe	29
PID 2848 wrote to memory of 2648	2848	file.exe	29
PID 2848 wrote to memory of 2648	2848	file.exe	29

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:2644
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:2648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2648-66-0x0000000000400000-0x0000000000596000-memory.dmp

Filesize
1.6MB

Download
memory/2648-80-0x0000000000400000-0x0000000000596000-memory.dmp

Filesize
1.6MB

Download
memory/2648-79-0x0000000000400000-0x0000000000596000-memory.dmp

Filesize
1.6MB

Download
memory/2648-68-0x0000000000400000-0x0000000000596000-memory.dmp

Filesize
1.6MB

Download
memory/2848-46-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-2-0x00000000747A0000-0x0000000074E8E000-memory.dmp

Filesize
6.9MB

Download
memory/2848-5-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-6-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-19-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-38-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-56-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-55-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-42-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-63-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-64-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-61-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-65-0x00000000747A0000-0x0000000074E8E000-memory.dmp

Filesize
6.9MB

Download
memory/2848-52-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-50-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-48-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-0-0x00000000747AE000-0x00000000747AF000-memory.dmp

Filesize
4KB

Download
memory/2848-44-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-58-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-22-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-26-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-34-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-32-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-30-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-28-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-37-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-24-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-20-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-16-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-14-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-13-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-10-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-8-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-4-0x0000000000A00000-0x0000000000A1C000-memory.dmp

Filesize
112KB

Download
memory/2848-3-0x0000000005760000-0x0000000005A12000-memory.dmp

Filesize
2.7MB

Download
memory/2848-77-0x00000000747A0000-0x0000000074E8E000-memory.dmp

Filesize
6.9MB

Download
memory/2848-40-0x0000000000A00000-0x0000000000A15000-memory.dmp

Filesize
84KB

Download
memory/2848-1-0x0000000000B70000-0x00000000011E6000-memory.dmp

Filesize
6.5MB

Download