risepro | 1664-0-0x00000000001B0000-0x0000000000728000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1664-0-0x00000000001B0000-0x0000000000728000-memory.dmp
Size

5.5MB
MD5

95fa42ac3be66aaa364307b2bfffac52
SHA1

0ccb82e73c250c951b28e5efc780d6915e1263e9
SHA256

4d1a66b993a1394821fa738313d0c6942d8b9063e47e64342111bdbbbb474b50
SHA512

d02cdb327fe8d2f665d039f9320ab1373720b3a00451a90f4424807cd0417d0b04c77acad68f641486d98c1eca4eb99717fe2cc4be0f4eefc15296f42011c576
SSDEEP

98304:AB6KFQ61mx+5tTK3+kvfVMfwg84GpzxWWSr+MVIgZfYGAMNUheQ/c:ABVcKwukvdlSGpzbMVxehe6

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

193.233.132.55:50500

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1664-0-0x00000000001B0000-0x0000000000728000-memory.dmp

Files

1664-0-0x00000000001B0000-0x0000000000728000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp=�
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp=�
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp=�
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 146KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ