Behavioral task: behavioral1
Sample: 1844-3-0x0000000000750000-0x0000000000D57000-memory.exe
Resource: win7-20240508-en
General
Target: 1844-3-0x0000000000750000-0x0000000000D57000-memory.dmp
Size: 6.0MB
Malware Config
Signatures
Risepro family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 1844-3-0x0000000000750000-0x0000000000D57000-memory.dmp
Files
1844-3-0x0000000000750000-0x0000000000D57000-memory.dmp.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 685KB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 2.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
jpqntyca Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
cymphadb Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.taggant Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE