risepro | fad774edc5a3699e77ff65728d21606542b053da4b43ab0594339bde7eddf6e9

Analysis

max time kernel
91s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06-07-2024 09:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fad774edc5a3699e77ff65728d21606542b053da4b43ab0594339bde7eddf6e9.exe
Size

7.5MB
MD5

ed5b1701e46aa9b8915e2c407802ad8a
SHA1

a9a4fdf15431716b9ad56c38181f2e4d20d5e66b
SHA256

fad774edc5a3699e77ff65728d21606542b053da4b43ab0594339bde7eddf6e9
SHA512

4692c54c831fd600380131c3cb8f6a86543da19bd64f424082b0bc3c3f2286a85aad2a0235e8716b0a81ede2591d17f7c849421b90592a0c37003c0a25b8b0eb
SSDEEP

98304:88T8pL9gfNShiK0esxzePg+SeAhAgKbAYOSpkyxE+Hs2tc2oXlpSd0b:88T8pL9gfNSwK0eIhlKbAYHxE+1o+dQ

Score

10^/10

risepro stealer

Malware Config

Extracted

Family

risepro

77.91.77.180:50500

Signatures

RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
stealer risepro

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2964 set thread context of 456	2964	fad774edc5a3699e77ff65728d21606542b053da4b43ab0594339bde7eddf6e9.exe	86

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2964	fad774edc5a3699e77ff65728d21606542b053da4b43ab0594339bde7eddf6e9.exe
2964	fad774edc5a3699e77ff65728d21606542b053da4b43ab0594339bde7eddf6e9.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2964	fad774edc5a3699e77ff65728d21606542b053da4b43ab0594339bde7eddf6e9.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 1716	2964	fad774edc5a3699e77ff65728d21606542b053da4b43ab0594339bde7eddf6e9.exe	85
PID 2964 wrote to memory of 1716	2964	fad774edc5a3699e77ff65728d21606542b053da4b43ab0594339bde7eddf6e9.exe	85
PID 2964 wrote to memory of 1716	2964	fad774edc5a3699e77ff65728d21606542b053da4b43ab0594339bde7eddf6e9.exe	85
PID 2964 wrote to memory of 456	2964	fad774edc5a3699e77ff65728d21606542b053da4b43ab0594339bde7eddf6e9.exe	86
PID 2964 wrote to memory of 456	2964	fad774edc5a3699e77ff65728d21606542b053da4b43ab0594339bde7eddf6e9.exe	86
PID 2964 wrote to memory of 456	2964	fad774edc5a3699e77ff65728d21606542b053da4b43ab0594339bde7eddf6e9.exe	86
PID 2964 wrote to memory of 456	2964	fad774edc5a3699e77ff65728d21606542b053da4b43ab0594339bde7eddf6e9.exe	86
PID 2964 wrote to memory of 456	2964	fad774edc5a3699e77ff65728d21606542b053da4b43ab0594339bde7eddf6e9.exe	86
PID 2964 wrote to memory of 456	2964	fad774edc5a3699e77ff65728d21606542b053da4b43ab0594339bde7eddf6e9.exe	86
PID 2964 wrote to memory of 456	2964	fad774edc5a3699e77ff65728d21606542b053da4b43ab0594339bde7eddf6e9.exe	86
PID 2964 wrote to memory of 456	2964	fad774edc5a3699e77ff65728d21606542b053da4b43ab0594339bde7eddf6e9.exe	86
PID 2964 wrote to memory of 456	2964	fad774edc5a3699e77ff65728d21606542b053da4b43ab0594339bde7eddf6e9.exe	86
PID 2964 wrote to memory of 456	2964	fad774edc5a3699e77ff65728d21606542b053da4b43ab0594339bde7eddf6e9.exe	86

C:\Users\Admin\AppData\Local\Temp\fad774edc5a3699e77ff65728d21606542b053da4b43ab0594339bde7eddf6e9.exe
"C:\Users\Admin\AppData\Local\Temp\fad774edc5a3699e77ff65728d21606542b053da4b43ab0594339bde7eddf6e9.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:1716
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/456-67-0x0000000000400000-0x0000000000596000-memory.dmp

Filesize
1.6MB

Download
memory/456-66-0x0000000000400000-0x0000000000596000-memory.dmp

Filesize
1.6MB

Download
memory/456-72-0x0000000000400000-0x0000000000596000-memory.dmp

Filesize
1.6MB

Download
memory/456-68-0x0000000000400000-0x0000000000596000-memory.dmp

Filesize
1.6MB

Download
memory/2964-51-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-13-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-25-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-65-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-63-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-4-0x0000000005D30000-0x0000000005FF2000-memory.dmp

Filesize
2.8MB

Download
memory/2964-3-0x0000000074A60000-0x0000000075210000-memory.dmp

Filesize
7.7MB

Download
memory/2964-2-0x0000000005C90000-0x0000000005D2C000-memory.dmp

Filesize
624KB

Download
memory/2964-71-0x0000000074A60000-0x0000000075210000-memory.dmp

Filesize
7.7MB

Download
memory/2964-70-0x0000000074A60000-0x0000000075210000-memory.dmp

Filesize
7.7MB

Download
memory/2964-1-0x0000000000AF0000-0x0000000001270000-memory.dmp

Filesize
7.5MB

Download
memory/2964-62-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-59-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-43-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-55-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-53-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-0-0x0000000074A6E000-0x0000000074A6F000-memory.dmp

Filesize
4KB

Download
memory/2964-50-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-15-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-5-0x0000000006120000-0x000000000613C000-memory.dmp

Filesize
112KB

Download
memory/2964-57-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-41-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-39-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-37-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-35-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-33-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-31-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-29-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-27-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-23-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-21-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-19-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-17-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-46-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-11-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-10-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-7-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-47-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download
memory/2964-6-0x0000000006120000-0x0000000006135000-memory.dmp

Filesize
84KB

Download