Behavioral task: behavioral1
Sample: 1948-3-0x0000000000560000-0x0000000000B6C000-memory.exe
Resource: win7-20240508-en
General
Target: 1948-3-0x0000000000560000-0x0000000000B6C000-memory.dmp
Size: 6.0MB
MD5: 04644f1f335467771dfa929eb24d049e
SHA1: 8a481633eff9b38d040d2f6bb946ce33559e7eb2
SHA256: 3cde543efb3588d383f92b57cb52db946521fd2a9de37f8fb1a31a00393a6055
SHA512: 25f08a8a072eff4ffe511d50664920902e65a42cab80721eb70e78e922155869f91d939dda8872395d16aa092ce81b7801f0c867994e9f1295f1410643846138
SSDEEP: 98304:kTG6d6pDn5+gktKNQLQmdR4o5vVA2oFv+2w6JoN/bi5L6hqvSLiVbLSy:UopD5+ZtOQLQm4FwOMy6hqvAi
Malware Config
Signatures
Risepro family
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
Processes:
resource 1948-3-0x0000000000560000-0x0000000000B6C000-memory.dmp
Files
1948-3-0x0000000000560000-0x0000000000B6C000-memory.dmp.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 685KB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 2.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ggqmrqvk Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
gxqruznx Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.taggant Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE