2f87134211e62e2e7b2ec29e8849c65dd4f8b1a33653f30579edc411ceafb48d

Analysis

max time kernel
436s
max time network
438s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
26-10-2024 16:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Rise 6.1.31/start.cmd
Size

41B
MD5

d81f3f20ef2eda780a107a9b50cc718b
SHA1

6fe33901c94fe7005d27af5d4ce9de2bc9a3e908
SHA256

d9cff4ea291d91d405dfb8ec36e2ce7f85bd0c00d37efa1da29f8ca5c872d0c9
SHA512

1960a59230fb721045cdc232446c45f56ac60762be96e555db119184c1526b6af785d8a14a934f440bf12e385a94c8cb9d9b767271abf42444dd98ea8f8c98df

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Home = "C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe -jar C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\.tmp\\1729960674061.tmp"	reg.exe

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	java.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3216	java.exe
3216	java.exe
3216	java.exe
3216	java.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4388 wrote to memory of 3216	4388	cmd.exe	82
PID 4388 wrote to memory of 3216	4388	cmd.exe	82
PID 3216 wrote to memory of 3176	3216	java.exe	83
PID 3216 wrote to memory of 3176	3216	java.exe	83
PID 3216 wrote to memory of 2072	3216	java.exe	85
PID 3216 wrote to memory of 2072	3216	java.exe	85
PID 2072 wrote to memory of 2592	2072	cmd.exe	87
PID 2072 wrote to memory of 2592	2072	cmd.exe	87

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
3176	attrib.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Rise 6.1.31\start.cmd"
1⤵
- Suspicious use of WriteProcessMemory
PID:4388
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
  java -jar Rise.jar
  2⤵
  - Enumerates connected drives
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3216
- - C:\Windows\SYSTEM32\attrib.exe
    attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1729960674061.tmp
    3⤵
    - Views/modifies file attributes
    PID:3176
- - C:\Windows\SYSTEM32\cmd.exe
    cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1729960674061.tmp" /f"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2072
  - - C:\Windows\system32\reg.exe
      REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1729960674061.tmp" /f
      4⤵
      Adds Run key to start application
      PID:2592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\imageio4619395252428254074.tmp

Filesize
484B

MD5
cc8fbb4440ae04418928c8d42e4ccb21

SHA1
bbbeed8e96bcfa4dfd977441a83566dbc638e079

SHA256
cd899a1183aeeac6a4c6a0f17d8af1845d244896d7e9fd309b1f486d918f89c0

SHA512
569892d513c1c56ceac24ee757e4868a14b4c3a5084c2b21192a36a171dd5240914621a203ebacb0ada0d65fc406c31be8346445fb3a86c0280515006376472c

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio5086151451206158310.tmp

Filesize
32KB

MD5
36c71e3317bcdeb8a4c756c089159696

SHA1
0cb9b3c14acc0667b257b103def2c921b33710b2

SHA256
11408db565b824abd1250958c9ea895f0a6cd040b8827f907baaa4ef2d0304e9

SHA512
951be17bb1c07c1ab5da2b2cfec7b0ef7a95bf9738468ec1431580f0650bba999921db2eb5761fc5aae52d5cc65db7ac2b8ab406dc76b6f9ef87f277c7760c2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio6535367510280797098.tmp

Filesize
35KB

MD5
a8bcacc658d25f913ce6ca28718d3461

SHA1
967c8289a2244064bed3ce11478ad500750cf086

SHA256
e57b868efe241fc47d38e91c940856b563df0c54e5eb2c51547b83bce5df8172

SHA512
d5d35bb1561e2d85a0ae1850c03ab5115ed7be2f06ffe9c6d164036eb01776076f7ca155be29f41639c290ed866ec852eff7494d488a152a2d7da1086ae6f353

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio6562491148110368026.tmp

Filesize
30KB

MD5
6b71dca1542b1e7ed7f28465b0823627

SHA1
4c661ac69c5a57656aa79715abc056149bc5fb9e

SHA256
061a84821c8ac150f3698f62af8d2d0b84d552ece5ae1619b45f01b63831fc40

SHA512
64fa491b6de3a37806a490c3b4b64892be8ca762c6e046af7b13a7f12bcba6452486655144cd0cdca2efe52ff4a22775a811959127aedfe6890f9f29b019e1d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio9190604071836891164.tmp

Filesize
395B

MD5
3338aa57aaaded7c314425d22be5483e

SHA1
b09b6bc78079488dba2112e92a5ca59388f0d382

SHA256
6ec54458e0593bd19cb9437e7c778d913c8cdf942bb0396e34866fae1aa96767

SHA512
d3c3c6c1a4ea7bd6c68c502bc2c720ae79d54f31062a55aac280d05e4ce27224a42e092fc3b9d0639e575722825b071e7d52b1a284fc20a0d4a30dbbb5bbf3f2

Download Submit
memory/3216-139-0x00000246710A0000-0x00000246710B0000-memory.dmp

Filesize
64KB

Download
memory/3216-175-0x0000024671100000-0x0000024671110000-memory.dmp

Filesize
64KB

Download
memory/3216-16-0x0000024670F80000-0x0000024670F90000-memory.dmp

Filesize
64KB

Download
memory/3216-18-0x0000024670F90000-0x0000024670FA0000-memory.dmp

Filesize
64KB

Download
memory/3216-20-0x0000024670FA0000-0x0000024670FB0000-memory.dmp

Filesize
64KB

Download
memory/3216-22-0x0000024670FB0000-0x0000024670FC0000-memory.dmp

Filesize
64KB

Download
memory/3216-24-0x0000024670FC0000-0x0000024670FD0000-memory.dmp

Filesize
64KB

Download
memory/3216-26-0x0000024670FD0000-0x0000024670FE0000-memory.dmp

Filesize
64KB

Download
memory/3216-28-0x0000024670FE0000-0x0000024670FF0000-memory.dmp

Filesize
64KB

Download
memory/3216-32-0x0000024670FF0000-0x0000024671000000-memory.dmp

Filesize
64KB

Download
memory/3216-36-0x0000024671000000-0x0000024671010000-memory.dmp

Filesize
64KB

Download
memory/3216-35-0x0000024670D10000-0x0000024670F80000-memory.dmp

Filesize
2.4MB

Download
memory/3216-37-0x000002466F3A0000-0x000002466F3A1000-memory.dmp

Filesize
4KB

Download
memory/3216-39-0x0000024671010000-0x0000024671020000-memory.dmp

Filesize
64KB

Download
memory/3216-43-0x0000024671020000-0x0000024671030000-memory.dmp

Filesize
64KB

Download
memory/3216-42-0x0000024670F80000-0x0000024670F90000-memory.dmp

Filesize
64KB

Download
memory/3216-47-0x0000024671030000-0x0000024671040000-memory.dmp

Filesize
64KB

Download
memory/3216-46-0x0000024670F90000-0x0000024670FA0000-memory.dmp

Filesize
64KB

Download
memory/3216-49-0x0000024670FA0000-0x0000024670FB0000-memory.dmp

Filesize
64KB

Download
memory/3216-50-0x0000024671040000-0x0000024671050000-memory.dmp

Filesize
64KB

Download
memory/3216-54-0x0000024670FB0000-0x0000024670FC0000-memory.dmp

Filesize
64KB

Download
memory/3216-55-0x0000024671050000-0x0000024671060000-memory.dmp

Filesize
64KB

Download
memory/3216-58-0x000002466F3A0000-0x000002466F3A1000-memory.dmp

Filesize
4KB

Download
memory/3216-59-0x0000024670FC0000-0x0000024670FD0000-memory.dmp

Filesize
64KB

Download
memory/3216-61-0x0000024670FD0000-0x0000024670FE0000-memory.dmp

Filesize
64KB

Download
memory/3216-62-0x0000024671060000-0x0000024671070000-memory.dmp

Filesize
64KB

Download
memory/3216-64-0x0000024670FE0000-0x0000024670FF0000-memory.dmp

Filesize
64KB

Download
memory/3216-66-0x0000024670FF0000-0x0000024671000000-memory.dmp

Filesize
64KB

Download
memory/3216-67-0x0000024671000000-0x0000024671010000-memory.dmp

Filesize
64KB

Download
memory/3216-70-0x000002466F3A0000-0x000002466F3A1000-memory.dmp

Filesize
4KB

Download
memory/3216-71-0x0000024671010000-0x0000024671020000-memory.dmp

Filesize
64KB

Download
memory/3216-72-0x0000024671020000-0x0000024671030000-memory.dmp

Filesize
64KB

Download
memory/3216-81-0x000002466F3A0000-0x000002466F3A1000-memory.dmp

Filesize
4KB

Download
memory/3216-82-0x0000024671030000-0x0000024671040000-memory.dmp

Filesize
64KB

Download
memory/3216-83-0x0000024671040000-0x0000024671050000-memory.dmp

Filesize
64KB

Download
memory/3216-84-0x000002466F3A0000-0x000002466F3A1000-memory.dmp

Filesize
4KB

Download
memory/3216-87-0x000002466F3A0000-0x000002466F3A1000-memory.dmp

Filesize
4KB

Download
memory/3216-88-0x0000024671050000-0x0000024671060000-memory.dmp

Filesize
64KB

Download
memory/3216-90-0x0000024671060000-0x0000024671070000-memory.dmp

Filesize
64KB

Download
memory/3216-91-0x000002466F3A0000-0x000002466F3A1000-memory.dmp

Filesize
4KB

Download
memory/3216-94-0x000002466F3A0000-0x000002466F3A1000-memory.dmp

Filesize
4KB

Download
memory/3216-95-0x000002466F3A0000-0x000002466F3A1000-memory.dmp

Filesize
4KB

Download
memory/3216-96-0x000002466F3A0000-0x000002466F3A1000-memory.dmp

Filesize
4KB

Download
memory/3216-99-0x000002466F3A0000-0x000002466F3A1000-memory.dmp

Filesize
4KB

Download
memory/3216-101-0x000002466F3A0000-0x000002466F3A1000-memory.dmp

Filesize
4KB

Download
memory/3216-104-0x000002466F3A0000-0x000002466F3A1000-memory.dmp

Filesize
4KB

Download
memory/3216-106-0x000002466F3A0000-0x000002466F3A1000-memory.dmp

Filesize
4KB

Download
memory/3216-109-0x000002466F3A0000-0x000002466F3A1000-memory.dmp

Filesize
4KB

Download
memory/3216-112-0x000002466F3A0000-0x000002466F3A1000-memory.dmp

Filesize
4KB

Download
memory/3216-115-0x000002466F3A0000-0x000002466F3A1000-memory.dmp

Filesize
4KB

Download
memory/3216-116-0x000002466F3A0000-0x000002466F3A1000-memory.dmp

Filesize
4KB

Download
memory/3216-119-0x000002466F3A0000-0x000002466F3A1000-memory.dmp

Filesize
4KB

Download
memory/3216-123-0x0000024671070000-0x0000024671080000-memory.dmp

Filesize
64KB

Download
memory/3216-122-0x000002466F3A0000-0x000002466F3A1000-memory.dmp

Filesize
4KB

Download
memory/3216-126-0x0000024671070000-0x0000024671080000-memory.dmp

Filesize
64KB

Download
memory/3216-129-0x0000024671080000-0x0000024671090000-memory.dmp

Filesize
64KB

Download
memory/3216-136-0x0000024671090000-0x00000246710A0000-memory.dmp

Filesize
64KB

Download
memory/3216-2-0x0000024670D10000-0x0000024670F80000-memory.dmp

Filesize
2.4MB

Download
memory/3216-399-0x0000024671110000-0x0000024671120000-memory.dmp

Filesize
64KB

Download
memory/3216-14-0x000002466F3A0000-0x000002466F3A1000-memory.dmp

Filesize
4KB

Download
memory/3216-164-0x00000246710D0000-0x00000246710E0000-memory.dmp

Filesize
64KB

Download
memory/3216-146-0x000002466F3A0000-0x000002466F3A1000-memory.dmp

Filesize
4KB

Download
memory/3216-157-0x000002466F3A0000-0x000002466F3A1000-memory.dmp

Filesize
4KB

Download
memory/3216-167-0x00000246710E0000-0x00000246710F0000-memory.dmp

Filesize
64KB

Download
memory/3216-145-0x00000246710C0000-0x00000246710D0000-memory.dmp

Filesize
64KB

Download
memory/3216-174-0x00000246710F0000-0x0000024671100000-memory.dmp

Filesize
64KB

Download
memory/3216-173-0x0000024671080000-0x0000024671090000-memory.dmp

Filesize
64KB

Download
memory/3216-202-0x0000024671110000-0x0000024671120000-memory.dmp

Filesize
64KB

Download
memory/3216-219-0x0000024671090000-0x00000246710A0000-memory.dmp

Filesize
64KB

Download
memory/3216-220-0x0000024671140000-0x0000024671150000-memory.dmp

Filesize
64KB

Download
memory/3216-226-0x0000024671120000-0x0000024671130000-memory.dmp

Filesize
64KB

Download
memory/3216-225-0x00000246710A0000-0x00000246710B0000-memory.dmp

Filesize
64KB

Download
memory/3216-248-0x00000246710B0000-0x00000246710C0000-memory.dmp

Filesize
64KB

Download
memory/3216-270-0x0000024671150000-0x0000024671160000-memory.dmp

Filesize
64KB

Download
memory/3216-269-0x00000246710C0000-0x00000246710D0000-memory.dmp

Filesize
64KB

Download
memory/3216-294-0x00000246710D0000-0x00000246710E0000-memory.dmp

Filesize
64KB

Download
memory/3216-303-0x0000024671160000-0x0000024671170000-memory.dmp

Filesize
64KB

Download
memory/3216-302-0x00000246710E0000-0x00000246710F0000-memory.dmp

Filesize
64KB

Download
memory/3216-331-0x00000246710F0000-0x0000024671100000-memory.dmp

Filesize
64KB

Download
memory/3216-353-0x0000024671170000-0x0000024671180000-memory.dmp

Filesize
64KB

Download
memory/3216-352-0x0000024671100000-0x0000024671110000-memory.dmp

Filesize
64KB

Download
memory/3216-370-0x0000024671180000-0x0000024671190000-memory.dmp

Filesize
64KB

Download
memory/3216-143-0x00000246710B0000-0x00000246710C0000-memory.dmp

Filesize
64KB

Download
memory/3216-404-0x0000024671140000-0x0000024671150000-memory.dmp

Filesize
64KB

Download
memory/3216-405-0x0000024671190000-0x00000246711A0000-memory.dmp

Filesize
64KB

Download
memory/3216-435-0x0000024671120000-0x0000024671130000-memory.dmp

Filesize
64KB

Download
memory/3216-446-0x00000246711A0000-0x00000246711B0000-memory.dmp

Filesize
64KB

Download
memory/3216-464-0x00000246711B0000-0x00000246711C0000-memory.dmp

Filesize
64KB

Download
memory/3216-462-0x0000024671150000-0x0000024671160000-memory.dmp

Filesize
64KB

Download
memory/3216-492-0x00000246711C0000-0x00000246711D0000-memory.dmp

Filesize
64KB

Download
memory/3216-553-0x00000246711D0000-0x00000246711E0000-memory.dmp

Filesize
64KB

Download
memory/3216-557-0x00000246711E0000-0x00000246711F0000-memory.dmp

Filesize
64KB

Download
memory/3216-552-0x0000024671160000-0x0000024671170000-memory.dmp

Filesize
64KB

Download
memory/3216-580-0x0000024671170000-0x0000024671180000-memory.dmp

Filesize
64KB

Download
memory/3216-581-0x00000246711F0000-0x0000024671200000-memory.dmp

Filesize
64KB

Download
memory/3216-592-0x0000024671200000-0x0000024671210000-memory.dmp

Filesize
64KB

Download
memory/3216-591-0x0000024671180000-0x0000024671190000-memory.dmp

Filesize
64KB

Download
memory/3216-648-0x0000024671210000-0x0000024671220000-memory.dmp

Filesize
64KB

Download
memory/3216-647-0x0000024671190000-0x00000246711A0000-memory.dmp

Filesize
64KB

Download
memory/3216-662-0x0000024671220000-0x0000024671230000-memory.dmp

Filesize
64KB

Download
memory/3216-692-0x00000246711A0000-0x00000246711B0000-memory.dmp

Filesize
64KB

Download
memory/3216-707-0x0000024671230000-0x0000024671240000-memory.dmp

Filesize
64KB

Download
memory/3216-706-0x00000246711B0000-0x00000246711C0000-memory.dmp

Filesize
64KB

Download
memory/3216-737-0x00000246711C0000-0x00000246711D0000-memory.dmp

Filesize
64KB

Download
memory/3216-762-0x0000024671240000-0x0000024671250000-memory.dmp

Filesize
64KB

Download
memory/3216-761-0x00000246711D0000-0x00000246711E0000-memory.dmp

Filesize
64KB

Download
memory/3216-793-0x00000246711E0000-0x00000246711F0000-memory.dmp

Filesize
64KB

Download
memory/3216-827-0x0000024671250000-0x0000024671260000-memory.dmp

Filesize
64KB

Download
memory/3216-826-0x00000246711F0000-0x0000024671200000-memory.dmp

Filesize
64KB

Download
memory/3216-853-0x0000024671200000-0x0000024671210000-memory.dmp

Filesize
64KB

Download
memory/3216-908-0x0000024671260000-0x0000024671270000-memory.dmp

Filesize
64KB

Download
memory/3216-907-0x0000024671210000-0x0000024671220000-memory.dmp

Filesize
64KB

Download
memory/3216-939-0x0000024671220000-0x0000024671230000-memory.dmp

Filesize
64KB

Download
memory/3216-982-0x0000024671270000-0x0000024671280000-memory.dmp

Filesize
64KB

Download
memory/3216-981-0x0000024671230000-0x0000024671240000-memory.dmp

Filesize
64KB

Download
memory/3216-1004-0x0000024671280000-0x0000024671290000-memory.dmp

Filesize
64KB

Download
memory/3216-1033-0x0000024671240000-0x0000024671250000-memory.dmp

Filesize
64KB

Download
memory/3216-1078-0x0000024671290000-0x00000246712A0000-memory.dmp

Filesize
64KB

Download
memory/3216-1077-0x0000024671250000-0x0000024671260000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads