risepro | fad774edc5a3699e77ff65728d21606542b053da4b43ab0594339bde7eddf6e9

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
06-07-2024 08:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

7.5MB
MD5

ed5b1701e46aa9b8915e2c407802ad8a
SHA1

a9a4fdf15431716b9ad56c38181f2e4d20d5e66b
SHA256

fad774edc5a3699e77ff65728d21606542b053da4b43ab0594339bde7eddf6e9
SHA512

4692c54c831fd600380131c3cb8f6a86543da19bd64f424082b0bc3c3f2286a85aad2a0235e8716b0a81ede2591d17f7c849421b90592a0c37003c0a25b8b0eb
SSDEEP

98304:88T8pL9gfNShiK0esxzePg+SeAhAgKbAYOSpkyxE+Hs2tc2oXlpSd0b:88T8pL9gfNSwK0eIhlKbAYHxE+1o+dQ

Score

10^/10

risepro stealer

Malware Config

Extracted

Family

risepro

77.91.77.180:50500

Signatures

RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
stealer risepro

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2104 set thread context of 2632	2104	file.exe	30

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2104	file.exe
2104	file.exe
2104	file.exe
2104	file.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2104	file.exe

Suspicious use of WriteProcessMemory 19 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 2940	2104	file.exe	28
PID 2104 wrote to memory of 2940	2104	file.exe	28
PID 2104 wrote to memory of 2940	2104	file.exe	28
PID 2104 wrote to memory of 2940	2104	file.exe	28
PID 2104 wrote to memory of 2684	2104	file.exe	29
PID 2104 wrote to memory of 2684	2104	file.exe	29
PID 2104 wrote to memory of 2684	2104	file.exe	29
PID 2104 wrote to memory of 2684	2104	file.exe	29
PID 2104 wrote to memory of 2632	2104	file.exe	30
PID 2104 wrote to memory of 2632	2104	file.exe	30
PID 2104 wrote to memory of 2632	2104	file.exe	30
PID 2104 wrote to memory of 2632	2104	file.exe	30
PID 2104 wrote to memory of 2632	2104	file.exe	30
PID 2104 wrote to memory of 2632	2104	file.exe	30
PID 2104 wrote to memory of 2632	2104	file.exe	30
PID 2104 wrote to memory of 2632	2104	file.exe	30
PID 2104 wrote to memory of 2632	2104	file.exe	30
PID 2104 wrote to memory of 2632	2104	file.exe	30
PID 2104 wrote to memory of 2632	2104	file.exe	30

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:2940
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:2684
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:2632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2104-28-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-64-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-44-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-3-0x0000000005830000-0x0000000005AF2000-memory.dmp

Filesize
2.8MB

Download
memory/2104-4-0x0000000000550000-0x000000000056C000-memory.dmp

Filesize
112KB

Download
memory/2104-5-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-6-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-46-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-65-0x0000000074580000-0x0000000074C6E000-memory.dmp

Filesize
6.9MB

Download
memory/2104-8-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-10-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-83-0x0000000074580000-0x0000000074C6E000-memory.dmp

Filesize
6.9MB

Download
memory/2104-48-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-62-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-61-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-58-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-56-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-54-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-52-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-50-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-12-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-1-0x0000000001330000-0x0000000001AB0000-memory.dmp

Filesize
7.5MB

Download
memory/2104-2-0x0000000074580000-0x0000000074C6E000-memory.dmp

Filesize
6.9MB

Download
memory/2104-43-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-40-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-38-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-36-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-34-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-32-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-30-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-0-0x000000007458E000-0x000000007458F000-memory.dmp

Filesize
4KB

Download
memory/2104-26-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-24-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-22-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-20-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-18-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-16-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2104-14-0x0000000000550000-0x0000000000565000-memory.dmp

Filesize
84KB

Download
memory/2632-82-0x0000000000400000-0x0000000000596000-memory.dmp

Filesize
1.6MB

Download
memory/2632-68-0x0000000000400000-0x0000000000596000-memory.dmp

Filesize
1.6MB

Download
memory/2632-66-0x0000000000400000-0x0000000000596000-memory.dmp

Filesize
1.6MB

Download
memory/2632-84-0x0000000000400000-0x0000000000596000-memory.dmp

Filesize
1.6MB

Download