risepro | 3660-1691-0x00000000013A0000-0x00000000018B7000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3660-1691-0x00000000013A0000-0x00000000018B7000-memory.dmp
Size

1.9MB
MD5

21f331bd4217b877b39e5ff3f0f4f7e2
SHA1

036e382d0d8dfb3bb21d3c4a160e46c96c0ac008
SHA256

b986b7194d429e520b108125a0c62e71883a8af3fc66a50082dd2f90efd635ea
SHA512

c640278b509a4ffda7870907649ff9674edd8706597bcddf49f17ca7d5e09d2810071448f4415de49d19d9d0ad91801762a73c453c9ee7c0d005a47b340409ad
SSDEEP

24576:Cfuw0bG7tFGPcvjtP/+6jQnKspYT/xxpxdILuA6PbWiQvGT2fCE7TP8o1Cl8uMW9:LtbGzGEbtP//dxySAiQuT9oTP8o1Cl84

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

193.233.132.62:50500

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3660-1691-0x00000000013A0000-0x00000000018B7000-memory.dmp

Files

3660-1691-0x00000000013A0000-0x00000000018B7000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 492KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 80KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 28KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 47KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 191KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 993KB - Virtual size: 996KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE