Overview

overview

10

Static

static

10

Rise.zip

windows10-ltsc 2021-x64

1

Rise.zip

windows11-21h2-x64

1

Rise 6.1.31/Rise.jar

windows10-ltsc 2021-x64

6

Rise 6.1.31/Rise.jar

windows11-21h2-x64

6

Rise 6.1.31/start.cmd

windows10-ltsc 2021-x64

6

Rise 6.1.31/start.cmd

windows11-21h2-x64

6

Analysis

  • max time kernel
    517s
  • max time network
    459s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    26-10-2024 16:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Rise 6.1.31/Rise.jar

  • Size

    7.5MB

  • MD5

    9187f658f00274786ee64db327c79a49

  • SHA1

    3d6247d3fa318a17d27e07ccd1196b7bcc80bf4e

  • SHA256

    4b94448f18a732d56cc170623b76551573756839963fe99df7776854e7752753

  • SHA512

    7792dd1587f1f3aa1441044d1ac45427f73c4df5a88893fdf505250a4a08c4b4d79b544c495f5cf60cbe67febbeaf2ad540795ec300d52e2be2510b3ceb9dd1f

  • SSDEEP

    196608:/Kjhs0l+M1VKYezr+cawLPjwiKUm6+m7Kf0qzRq8PwtR:CH1VNw+zwbua29zfP8R

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar "C:\Users\Admin\AppData\Local\Temp\Rise 6.1.31\Rise.jar"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5076
    • C:\Windows\SYSTEM32\attrib.exe
      attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1729960652644.tmp
      2⤵
      • Views/modifies file attributes
      PID:4472
    • C:\Windows\SYSTEM32\cmd.exe
      cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1729960652644.tmp" /f"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2044
      • C:\Windows\system32\reg.exe
        REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1729960652644.tmp" /f
        3⤵
        • Adds Run key to start application
        PID:3592

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1729960652644.tmp
    Filesize

    7.5MB

    MD5

    9187f658f00274786ee64db327c79a49

    SHA1

    3d6247d3fa318a17d27e07ccd1196b7bcc80bf4e

    SHA256

    4b94448f18a732d56cc170623b76551573756839963fe99df7776854e7752753

    SHA512

    7792dd1587f1f3aa1441044d1ac45427f73c4df5a88893fdf505250a4a08c4b4d79b544c495f5cf60cbe67febbeaf2ad540795ec300d52e2be2510b3ceb9dd1f

    Download Submit

  • memory/5076-2-0x00000171A6C70000-0x00000171A6EE0000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/5076-15-0x00000171A6EE0000-0x00000171A6EF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-17-0x00000171A6EF0000-0x00000171A6F00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-19-0x00000171A6F00000-0x00000171A6F10000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-21-0x00000171A6F10000-0x00000171A6F20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-23-0x00000171A6F20000-0x00000171A6F30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-25-0x00000171A6F30000-0x00000171A6F40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-26-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-29-0x00000171A6F40000-0x00000171A6F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-30-0x00000171A6F50000-0x00000171A6F60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-39-0x00000171A6C70000-0x00000171A6EE0000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/5076-38-0x00000171A6F70000-0x00000171A6F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-37-0x00000171A6F60000-0x00000171A6F70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-44-0x00000171A6F80000-0x00000171A6F90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-43-0x00000171A6EE0000-0x00000171A6EF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-42-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-45-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-47-0x00000171A6EF0000-0x00000171A6F00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-48-0x00000171A6F90000-0x00000171A6FA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-53-0x00000171A6F00000-0x00000171A6F10000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-54-0x00000171A6FA0000-0x00000171A6FB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-58-0x00000171A6FB0000-0x00000171A6FC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-57-0x00000171A6F10000-0x00000171A6F20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-62-0x00000171A6F20000-0x00000171A6F30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-63-0x00000171A6FC0000-0x00000171A6FD0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-65-0x00000171A6F30000-0x00000171A6F40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-66-0x00000171A6FD0000-0x00000171A6FE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-67-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-70-0x00000171A6FE0000-0x00000171A6FF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-69-0x00000171A6F40000-0x00000171A6F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-72-0x00000171A6F50000-0x00000171A6F60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-73-0x00000171A6FF0000-0x00000171A7000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-76-0x00000171A6F60000-0x00000171A6F70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-77-0x00000171A6F70000-0x00000171A6F80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-78-0x00000171A7000000-0x00000171A7010000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-81-0x00000171A7010000-0x00000171A7020000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-83-0x00000171A6F80000-0x00000171A6F90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-84-0x00000171A7020000-0x00000171A7030000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-88-0x00000171A7030000-0x00000171A7040000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-87-0x00000171A6F90000-0x00000171A6FA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-90-0x00000171A6FA0000-0x00000171A6FB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-91-0x00000171A7040000-0x00000171A7050000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-94-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-95-0x00000171A6FB0000-0x00000171A6FC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-98-0x00000171A6FC0000-0x00000171A6FD0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-99-0x00000171A7050000-0x00000171A7060000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-101-0x00000171A6FD0000-0x00000171A6FE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-102-0x00000171A7060000-0x00000171A7070000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-104-0x00000171A6FE0000-0x00000171A6FF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-105-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-106-0x00000171A6FF0000-0x00000171A7000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-107-0x00000171A7000000-0x00000171A7010000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-108-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-111-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-112-0x00000171A7010000-0x00000171A7020000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-113-0x00000171A7020000-0x00000171A7030000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-115-0x00000171A7030000-0x00000171A7040000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-116-0x00000171A7040000-0x00000171A7050000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-117-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-120-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-121-0x00000171A7050000-0x00000171A7060000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-122-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-123-0x00000171A7060000-0x00000171A7070000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-124-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-129-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-132-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-134-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-137-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-138-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-139-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-142-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-143-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-145-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-146-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-149-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-151-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-154-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-155-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-156-0x00000171A7070000-0x00000171A7080000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-158-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-161-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-162-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-164-0x00000171A7070000-0x00000171A7080000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-168-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-169-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-171-0x00000171A7080000-0x00000171A7090000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-174-0x00000171A7080000-0x00000171A7090000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-176-0x00000171A7090000-0x00000171A70A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-182-0x00000171A70A0000-0x00000171A70B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-184-0x00000171A70B0000-0x00000171A70C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-187-0x00000171A70C0000-0x00000171A70D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-186-0x00000171A70B0000-0x00000171A70C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-189-0x00000171A70C0000-0x00000171A70D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-192-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-195-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-199-0x00000171A70D0000-0x00000171A70E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-198-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5076-200-0x00000171A70D0000-0x00000171A70E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-201-0x00000171A70E0000-0x00000171A70F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-202-0x00000171A53F0000-0x00000171A53F1000-memory.dmp

    Filesize

    4KB

    Download