Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\LisectAVT_2403002A_464.exe

"C:\Users\user\Desktop\LisectAVT_2403002A_464.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6308
Target ID:	0
Parent PID:	2580
Name:	LisectAVT_2403002A_464.exe
Path:	C:\Users\user\Desktop\LisectAVT_2403002A_464.exe
Commandline:	"C:\Users\user\Desktop\LisectAVT_2403002A_464.exe"
Size:	5668408
MD5:	87C9AECD5886C99434358B6A7F42FDE0
Time:	13:50:05
Date:	25/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xae0000
Modulesize:	9998336
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Yara detected RisePro Stealer	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Sample reads its own file content	System Summary
URLs found in memory or binary data	Networking
PE file has a big raw section	System Summary
PE file has a big code size	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll

unknown

http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t

unknown

http://www.winimage.com/zLibDll

unknown

https://t.me/RiseProSUPPORT

unknown

https://sectigo.com/CPS0

unknown

http://ocsp.sectigo.com0

unknown

http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#

unknown

IPs

Domain

Country

Malicious

193.233.132.109

unknown

Russian Federation

Details

IP:	193.233.132.109
TargetID:	0
Current Path:	C:\Users\user\Desktop\LisectAVT_2403002A_464.exe
Country:	Russian Federation
Countrycode:	RUS
ASN number:	2895
ASN name:	FREE-NET-ASFREEnetEU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

806000

heap

page read and write

764000

heap

page read and write

2D50000

heap

page read and write

F03000

unkown

page execute read

AE0000

unkown

page readonly

7DA000

heap

page read and write

764000

heap

page read and write

780000

heap

page read and write

2D60000

trusted library allocation

page read and write

764000

heap

page read and write

764000

heap

page read and write

760000

heap

page read and write

764000

heap

page read and write

2E50000

heap

page read and write

770000

heap

page read and write

7D0000

heap

page read and write

1466000

unkown

page readonly

764000

heap

page read and write

764000

heap

page read and write

2F6B000

heap

page read and write

764000

heap

page read and write

2D60000

heap

page read and write

80E000

heap

page read and write

2E61000

heap

page read and write

C0E000

unkown

page read and write

325E000

stack

page read and write

C3B000

unkown

page read and write

80E000

heap

page read and write

3FC000

stack

page read and write

7DE000

heap

page read and write

2E60000

heap

page read and write

1466000

unkown

page readonly

AE1000

unkown

page execute read

C41000

unkown

page execute read

BED000

unkown

page readonly

F03000

unkown

page execute read

2D55000

heap

page read and write

AE0000

unkown

page readonly

802000

heap

page read and write

2E61000

heap

page read and write

6FD000

stack

page read and write

C13000

unkown

page execute read

2DEE000

stack

page read and write

F02000

unkown

page read and write

There are 34 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
LisectAVT_2403002A_464.exe

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportLisectAVT_2403002A_464.exe

Processes

URLs

IPs

Memdumps

IOC Report
LisectAVT_2403002A_464.exe