Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\LisectAVT_2403002A_240.exe

"C:\Users\user\Desktop\LisectAVT_2403002A_240.exe"

Details

Is windows:	false
Is dropped:	false
PID:	5364
Target ID:	0
Parent PID:	4056
Name:	LisectAVT_2403002A_240.exe
Path:	C:\Users\user\Desktop\LisectAVT_2403002A_240.exe
Commandline:	"C:\Users\user\Desktop\LisectAVT_2403002A_240.exe"
Size:	5402117
MD5:	DF07B5A212F479D219E1C4D06D414CF7
Time:	16:10:03
Date:	25/07/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x620000
Modulesize:	9523200
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Antivirus / Scanner detection for submitted sample	AV Detection
Yara detected RisePro Stealer	Stealing of Sensitive Information, Remote Access Functionality
Machine Learning detection for sample	AV Detection
PE file contains an invalid checksum	Data Obfuscation
PE file contains sections with non-standard names	Data Obfuscation
Uses 32bit PE files	Compliance, System Summary
Sample reads its own file content	System Summary
PE file has a big raw section	System Summary
PE file has a big code size	System Summary
Submission file is bigger than most known malware samples	System Summary

URLs

Name

Malicious

https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll

unknown

http://www.winimage.com/zLibDll

unknown

https://t.me/RiseProSUPPORT

unknown

http://www.altools.co.kr

unknown

IPs

Domain

Country

Malicious

5.42.65.117

unknown

Russian Federation

Details

IP:	5.42.65.117
TargetID:	0
Current Path:	C:\Users\user\Desktop\LisectAVT_2403002A_240.exe
Country:	Russian Federation
Countrycode:	RUS
ASN number:	39493
ASN name:	RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Detected TCP or UDP traffic on non-standard ports	Networking	Non-Standard Port
Connects to IPs without corresponding DNS lookups	Networking

Memdumps

Base Address

Regiontype

Protect

Malicious

Download

148F000

heap

page read and write

13D4000

heap

page read and write

13D0000

heap

page read and write

13D4000

heap

page read and write

145A000

heap

page read and write

324D000

heap

page read and write

13D4000

heap

page read and write

1483000

heap

page read and write

13D4000

heap

page read and write

620000

unkown

page readonly

1450000

heap

page read and write

F2B000

unkown

page readonly

12FC000

stack

page read and write

13D4000

heap

page read and write

13F0000

trusted library allocation

page read and write

13D4000

heap

page read and write

148F000

heap

page read and write

3090000

heap

page read and write

145E000

heap

page read and write

13D4000

heap

page read and write

72D000

unkown

page readonly

13D4000

heap

page read and write

143D000

stack

page read and write

30A1000

heap

page read and write

77B000

unkown

page read and write

1340000

heap

page read and write

1330000

heap

page read and write

74E000

unkown

page read and write

1487000

heap

page read and write

620000

unkown

page readonly

30A0000

heap

page read and write

A08000

unkown

page execute read

A07000

unkown

page read and write

30A1000

heap

page read and write

FCC000

stack

page read and write

3230000

heap

page read and write

A08000

unkown

page execute read

147B000

heap

page read and write

621000

unkown

page execute read

F2B000

unkown

page readonly

353E000

stack

page read and write

781000

unkown

page execute read

753000

unkown

page execute read

There are 33 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
LisectAVT_2403002A_240.exe

Processes

URLs

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportLisectAVT_2403002A_240.exe

Processes

URLs

IPs

Memdumps

IOC Report
LisectAVT_2403002A_240.exe