Behavioral task
behavioral1
Sample
1508-3-0x0000000000210000-0x0000000000803000-memory.exe
Resource
win7-20240611-en
General
Target: 1508-3-0x0000000000210000-0x0000000000803000-memory.dmp
Size: 5.9MB
MD5: b8fb0cc4b95411fee6e00ad2d6e79fba
SHA1: d01a35e16b8ba99d88120fe2bf1aeb30c5b4ed50
SHA256: 14edfc09ad975e24fddd3feb98a276016541d3ce3d5bc9aa5b321d89398841ca
SHA512: 1f7958f80494c55ef38370a093ba0a4306d93b28625f4e148236708c4ca6f4b0c1fbf981f2e8fd4e1764d45beca7b335fdd4b0094b09d52b18af3adeeac2c4eb
SSDEEP: 98304:hbz1xXZTU5Gd1VwQLPWaveB797USzMCbD/ZS0wt7TIC+tHFbAiw5:FLXZQ5K1aQLPWyMDVi7mMiQ
Malware Config
Signatures
- Risepro family
- Unsigned PE 1 IoCs
  Checks for missing Authenticode signature.
Processes:
resource 1508-3-0x0000000000210000-0x0000000000803000-memory.dmp
Files
- 1508-3-0x0000000000210000-0x0000000000803000-memory.dmp.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 685KB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 2.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
qdoeazjc Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
npqumnad Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.taggant Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE