Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\LisectAVT_2403002A_262.exe

"C:\Users\user\Desktop\LisectAVT_2403002A_262.exe"

Details

Is windows:	false
Is dropped:	false
PID:	3300
Target ID:	0
Parent PID:	2580
Name:	LisectAVT_2403002A_262.exe
Path:	C:\Users\user\Desktop\LisectAVT_2403002A_262.exe
Commandline:	"C:\Users\user\Desktop\LisectAVT_2403002A_262.exe"
Size:	2956293
MD5:	6EFB242EE7F7A8FAC1E25DEC0AC7F516
Time:	21:00:18
Date:	24/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7699e0000
Modulesize:	892928
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Multi AV Scanner detection for submitted file	AV Detection
Yara detected RisePro Stealer	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
PE file contains section with special chars	System Summary
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
PE file has a big raw section	System Summary
PE file has a big code size	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll

unknown

http://www.winimage.com/zLibDll

unknown

https://t.me/RiseProSUPPORT

unknown

IPs

Domain

Country

Malicious

193.233.132.190

unknown

Russian Federation

Details

IP:	193.233.132.190
TargetID:	0
Current Path:	C:\Users\user\Desktop\LisectAVT_2403002A_262.exe
Country:	Russian Federation
Countrycode:	RUS
ASN number:	2895
ASN name:	FREE-NET-ASFREEnetEU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

2FD0000

heap

page read and write

502000

unkown

page execute read

3BD000

unkown

page readonly

2FE2000

heap

page read and write

10FC000

stack

page read and write

2B0000

unkown

page readonly

14DF000

heap

page read and write

14CB000

heap

page read and write

7D1000

unkown

page readonly

14A0000

heap

page read and write

DCC000

stack

page read and write

14AA000

heap

page read and write

502000

unkown

page execute read

1210000

heap

page read and write

3E6000

unkown

page execute read

7D1000

unkown

page readonly

14D3000

heap

page read and write

501000

unkown

page read and write

1130000

heap

page read and write

12E0000

heap

page read and write

2B1000

unkown

page execute read

2B0000

unkown

page readonly

14AE000

heap

page read and write

14DF000

heap

page read and write

14D7000

heap

page read and write

3E1000

unkown

page read and write

2F3E000

stack

page read and write

142D000

stack

page read and write

There are 18 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
LisectAVT_2403002A_262.exe

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportLisectAVT_2403002A_262.exe

Processes

URLs

IPs

Memdumps

IOC Report
LisectAVT_2403002A_262.exe