Overview

overview

10

Static

static

10

Rise 6.1.31/Rise.jar

windows7-x64

1

Rise 6.1.31/Rise.jar

windows10-2004-x64

6

Rise 6.1.31/start.cmd

windows7-x64

1

Rise 6.1.31/start.cmd

windows10-2004-x64

6

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-10-2024 17:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Rise 6.1.31/start.cmd

  • Size

    41B

  • MD5

    d81f3f20ef2eda780a107a9b50cc718b

  • SHA1

    6fe33901c94fe7005d27af5d4ce9de2bc9a3e908

  • SHA256

    d9cff4ea291d91d405dfb8ec36e2ce7f85bd0c00d37efa1da29f8ca5c872d0c9

  • SHA512

    1960a59230fb721045cdc232446c45f56ac60762be96e555db119184c1526b6af785d8a14a934f440bf12e385a94c8cb9d9b767271abf42444dd98ea8f8c98df

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Rise 6.1.31\start.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1036
    • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
      java -jar Rise.jar
      2⤵
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4696
      • C:\Windows\SYSTEM32\attrib.exe
        attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1729965015311.tmp
        3⤵
        • Views/modifies file attributes
        PID:2352
      • C:\Windows\SYSTEM32\cmd.exe
        cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1729965015311.tmp" /f"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1044
        • C:\Windows\system32\reg.exe
          REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1729965015311.tmp" /f
          4⤵
          • Adds Run key to start application
          PID:3656

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1729965015311.tmp
    Filesize

    11.7MB

    MD5

    62e3fbd568560b6b3ceeeb7f15befcf3

    SHA1

    499c81be40a7a5a7cdde84d9989a20f19039e9f5

    SHA256

    905de877c30480cee378952ac08624c62740c6ba168187842e980639ab531d7c

    SHA512

    3ed369cf87b209ea690163093e53b863d417288391e7133459227c48acad54fce88344c6de0cef0321048a1e8c05cea9ebe8659074f2fe474a70989b5019829c

    Download Submit

  • memory/4696-41-0x0000019FAEF30000-0x0000019FAEF40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4696-68-0x0000019FAEFD0000-0x0000019FAEFE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4696-40-0x0000019FAEF20000-0x0000019FAEF30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4696-20-0x0000019FAEF40000-0x0000019FAEF50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4696-23-0x0000019FAEF50000-0x0000019FAEF60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4696-24-0x0000019FAEF60000-0x0000019FAEF70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4696-26-0x0000019FAEF70000-0x0000019FAEF80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4696-28-0x0000019FAEF80000-0x0000019FAEF90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4696-30-0x0000019FAEF90000-0x0000019FAEFA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4696-14-0x0000019FAD390000-0x0000019FAD391000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4696-35-0x0000019FAEFA0000-0x0000019FAEFB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4696-34-0x0000019FAECB0000-0x0000019FAEF20000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/4696-17-0x0000019FAEF20000-0x0000019FAEF30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4696-18-0x0000019FAEF30000-0x0000019FAEF40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4696-53-0x0000019FAEFA0000-0x0000019FAEFB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4696-48-0x0000019FAEF60000-0x0000019FAEF70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4696-47-0x0000019FAEF50000-0x0000019FAEF60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4696-49-0x0000019FAEF70000-0x0000019FAEF80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4696-50-0x0000019FAEF80000-0x0000019FAEF90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4696-51-0x0000019FAEFB0000-0x0000019FAEFC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4696-52-0x0000019FAEF90000-0x0000019FAEFA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4696-46-0x0000019FAEF40000-0x0000019FAEF50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4696-54-0x0000019FAEFB0000-0x0000019FAEFC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4696-58-0x0000019FAEFC0000-0x0000019FAEFD0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4696-59-0x0000019FAEFC0000-0x0000019FAEFD0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4696-66-0x0000019FAEFD0000-0x0000019FAEFE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4696-2-0x0000019FAECB0000-0x0000019FAEF20000-memory.dmp

    Filesize

    2.4MB

    Download