Behavioral task
behavioral1
Sample
rise1906_00068000.exe
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral2
Sample
rise1906_00068000.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
General
-
Target
rise1906_00068000.exe
-
Size
1.6MB
-
MD5
a78e1a19c3a99c6f4ef93789117b19ef
-
SHA1
bf8c72f830f5e2a3891df3fa7b4b5d0b5ca8c1b4
-
SHA256
c439a375c59bdddffb88c941dcaba8899567d824ee231c192faee9d7f2b61756
-
SHA512
8a415ff2af17cbdc1d0453cdc608de1c90feda97cb8f5aee2410aead5b5748bba1bb58c168e87e5e1cf6a56a425b79cf09a5edde7b74d5ddf2c44200db007a75
-
SSDEEP
49152:1TbDJ4gnpFzjE0Z3Vhs1QLWLWGzdTNRs0u+:1TCgpFzjE0Z3rs1QLWCG
Malware Config
Signatures
-
Risepro family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource rise1906_00068000.exe
Files
-
rise1906_00068000.exe.exe windows:6 windows x86 arch:x86
e2abfd7ba257adf7a15b19d55fcf4379
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WaitForSingleObject
LocalAlloc
GetCurrentThreadId
GetModuleHandleA
GetLocaleInfoA
OpenProcess
CreateToolhelp32Snapshot
MultiByteToWideChar
Sleep
GetTempPathA
GetModuleHandleExA
GetTimeZoneInformation
GetTickCount64
CopyFileA
GetLastError
GetFileAttributesA
TzSpecificLocalTimeToSystemTime
CreateFileA
SetEvent
TerminateThread
LoadLibraryA
GetVersionExA
DeleteFileA
Process32Next
CloseHandle
GetSystemInfo
CreateThread
ResetEvent
GetWindowsDirectoryA
HeapAlloc
SetFileAttributesA
GetLocalTime
GetProcAddress
VirtualAllocEx
LocalFree
IsProcessorFeaturePresent
GetFileSize
RemoveDirectoryA
ReadProcessMemory
GetCurrentProcessId
GetProcessHeap
GlobalMemoryStatusEx
SetThreadExecutionState
FreeLibrary
WideCharToMultiByte
CreateRemoteThread
GetComputerNameExA
CreateDirectoryA
GetSystemTime
GetVolumeInformationA
CreateEventA
GetPrivateProfileStringA
IsWow64Process
IsDebuggerPresent
VirtualQueryEx
GetComputerNameA
SetUnhandledExceptionFilter
FindNextFileA
lstrcpynA
SetFilePointer
CreateFileW
AreFileApisANSI
EnterCriticalSection
GetFullPathNameW
GetDiskFreeSpaceW
LockFile
LeaveCriticalSection
InitializeCriticalSection
GetFullPathNameA
SetEndOfFile
GetTempPathW
GetFileAttributesW
FormatMessageW
GetDiskFreeSpaceA
DeleteFileW
UnlockFile
LockFileEx
DeleteCriticalSection
GetSystemTimeAsFileTime
FormatMessageA
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
VirtualQuery
VirtualProtect
WriteConsoleW
HeapSize
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
CreateMutexA
FindClose
lstrlenA
InitializeCriticalSectionEx
GetProcessId
GetUserDefaultLocaleName
TerminateProcess
OutputDebugStringA
WriteFile
GetCurrentProcess
SetPriorityClass
SetLastError
ReadFile
HeapFree
FindFirstFileA
WriteProcessMemory
Process32First
GetPrivateProfileSectionNamesA
SetStdHandle
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileSizeEx
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
GetFileType
GetModuleFileNameA
SetFilePointerEx
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RaiseException
RtlUnwind
InitializeSListHead
GetStartupInfoW
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
GetStringTypeW
GetLocaleInfoEx
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetModuleHandleW
GetFileInformationByHandleEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
LCMapStringEx
EncodePointer
DecodePointer
CompareStringEx
GetCPInfo
LoadLibraryExA
user32
wsprintfA
GetSystemMetrics
MessageBoxA
GetWindowRect
EnumDisplayDevicesA
GetDC
GetKeyboardLayoutList
CharNextA
GetCursorPos
GetDesktopWindow
ReleaseDC
gdi32
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteObject
BitBlt
advapi32
RegQueryValueExA
LsaClose
LsaOpenPolicy
RegEnumKeyA
RegCloseKey
RegGetValueA
GetCurrentHwProfileA
LsaFreeMemory
CredEnumerateA
RegCreateKeyExA
GetUserNameA
RegSetValueExA
RegOpenKeyExA
LsaQueryInformationPolicy
RegEnumKeyExA
shell32
ShellExecuteA
SHGetFolderPathA
ole32
CoInitialize
CoCreateInstance
CoInitializeEx
CoUninitialize
ws2_32
WSAStartup
socket
connect
recv
freeaddrinfo
setsockopt
WSAGetLastError
shutdown
WSACleanup
closesocket
getaddrinfo
crypt32
CryptUnprotectData
shlwapi
PathFindExtensionA
gdiplus
GdipGetImageEncoders
GdipCloneImage
GdipAlloc
GdiplusShutdown
GdiplusStartup
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipFree
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
setupapi
SetupDiEnumDeviceInfo
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
ntdll
RtlUnicodeStringToAnsiString
rstrtmgr
RmStartSession
RmGetList
RmRegisterResources
RmShutdown
RmEndSession
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 160KB - Virtual size: 159KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ