Overview

overview

3

Static

static

3

Rise v6.1.25.zip

windows7-x64

1

Rise v6.1.25.zip

windows10-2004-x64

1

Rise 6.1.2...erties

windows7-x64

3

Rise 6.1.2...erties

windows10-2004-x64

3

Rise 6.1.2...vm.cfg

windows7-x64

3

Rise 6.1.2...vm.cfg

windows10-2004-x64

3

Rise 6.1.2...erties

windows7-x64

3

Rise 6.1.2...erties

windows10-2004-x64

3

Analysis

  • max time kernel
    359s
  • max time network
    370s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    15/07/2024, 13:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Rise 6.1.25 beta fix/files/azul-1.8.9_345/lib/accessibility.properties

  • Size

    149B

  • MD5

    2ed483df31645d3d00c625c00c1e5a14

  • SHA1

    27c9b302d2d47aae04fc1f4ef9127a2835a77853

  • SHA256

    68ef2f3c6d7636e39c6626ed1bd700e3a6b796c25a9e5feca4533abfacd61cdf

  • SHA512

    4bf6d06f2ceaf070df4bd734370def74a6dd545fd40efd64a948e1422470ef39e37a4909feeb8f0731d5badb3dd9086e96dace6bdca7bbd3078e8383b16894da

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Rise 6.1.25 beta fix\files\azul-1.8.9_345\lib\accessibility.properties"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Rise 6.1.25 beta fix\files\azul-1.8.9_345\lib\accessibility.properties
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2944
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Rise 6.1.25 beta fix\files\azul-1.8.9_345\lib\accessibility.properties"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2876

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    873bb89b7394f33fa5fb854b6c729cab

    SHA1

    e5cccfc445ebf86da206537e349b42cb7411e6fd

    SHA256

    1cbf925637f742018cba1e0940342cb2ffea9a5c27fcc1df4c55d2c06ab98b93

    SHA512

    f4d3b478e4f51c27eabc46d57d8940f5944c5302aca6ef0d7f253edd846395bd935a8a15b9999c1f817c64cd3c97d84764c4d1215c6cbe8f9015b842795cc22f

    Download Submit