risepro | fad774edc5a3699e77ff65728d21606542b053da4b43ab0594339bde7eddf6e9

Analysis

max time kernel
125s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06-07-2024 08:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

7.5MB
MD5

ed5b1701e46aa9b8915e2c407802ad8a
SHA1

a9a4fdf15431716b9ad56c38181f2e4d20d5e66b
SHA256

fad774edc5a3699e77ff65728d21606542b053da4b43ab0594339bde7eddf6e9
SHA512

4692c54c831fd600380131c3cb8f6a86543da19bd64f424082b0bc3c3f2286a85aad2a0235e8716b0a81ede2591d17f7c849421b90592a0c37003c0a25b8b0eb
SSDEEP

98304:88T8pL9gfNShiK0esxzePg+SeAhAgKbAYOSpkyxE+Hs2tc2oXlpSd0b:88T8pL9gfNSwK0eIhlKbAYHxE+1o+dQ

Score

10^/10

risepro stealer

Malware Config

Extracted

Family

risepro

77.91.77.180:50500

Signatures

RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
stealer risepro

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3816 set thread context of 4092	3816	file.exe	92

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3816	file.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 3816 wrote to memory of 4092	3816	file.exe	92
PID 3816 wrote to memory of 4092	3816	file.exe	92
PID 3816 wrote to memory of 4092	3816	file.exe	92
PID 3816 wrote to memory of 4092	3816	file.exe	92
PID 3816 wrote to memory of 4092	3816	file.exe	92
PID 3816 wrote to memory of 4092	3816	file.exe	92
PID 3816 wrote to memory of 4092	3816	file.exe	92
PID 3816 wrote to memory of 4092	3816	file.exe	92
PID 3816 wrote to memory of 4092	3816	file.exe	92
PID 3816 wrote to memory of 4092	3816	file.exe	92

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3816
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:4092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3728,i,3409420486566309625,12100452682816721435,262144 --variations-seed-version --mojo-platform-channel-handle=4256 /prefetch:8
1⤵
PID:1456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3816-27-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-25-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-43-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-3-0x00000000752D0000-0x0000000075A80000-memory.dmp

Filesize
7.7MB

Download
memory/3816-4-0x00000000052E0000-0x00000000055A2000-memory.dmp

Filesize
2.8MB

Download
memory/3816-5-0x00000000055D0000-0x00000000055EC000-memory.dmp

Filesize
112KB

Download
memory/3816-7-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-47-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-65-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-63-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-6-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-45-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-49-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-9-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-61-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-59-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-58-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-55-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-53-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-51-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-70-0x00000000752D0000-0x0000000075A80000-memory.dmp

Filesize
7.7MB

Download
memory/3816-13-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-2-0x0000000005240000-0x00000000052DC000-memory.dmp

Filesize
624KB

Download
memory/3816-41-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-39-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-37-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-35-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-33-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-31-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-29-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-0-0x00000000752DE000-0x00000000752DF000-memory.dmp

Filesize
4KB

Download
memory/3816-1-0x00000000000A0000-0x0000000000820000-memory.dmp

Filesize
7.5MB

Download
memory/3816-23-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-22-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-19-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-17-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-15-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/3816-11-0x00000000055D0000-0x00000000055E5000-memory.dmp

Filesize
84KB

Download
memory/4092-66-0x0000000000400000-0x0000000000596000-memory.dmp

Filesize
1.6MB

Download
memory/4092-67-0x0000000000400000-0x0000000000596000-memory.dmp

Filesize
1.6MB

Download
memory/4092-68-0x0000000000400000-0x0000000000596000-memory.dmp

Filesize
1.6MB

Download
memory/4092-71-0x0000000000400000-0x0000000000596000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads