risepro | 1996-2-0x0000000000210000-0x000000000072D000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1996-2-0x0000000000210000-0x000000000072D000-memory.dmp
Size

5.1MB
MD5

5a3317de2179ef0d2e6101c92e7f9aa9
SHA1

9427685fa6d48156a8b3df47e74f14f9a4d4d7e6
SHA256

d2209699ae9830b89c147dab326111d56b809255dc32eaea31684a2d5befb25f
SHA512

b776f801d5d1cee66362cfa3c37db4ea60ac88e605079c688cc85cc3c312f327111c0e57947028ce011537a07d4e6c02352946d7eedae4306b87a23f4d555027
SSDEEP

49152:2FxjGxMMxpf3fb/wMoUYFTafp+BHejt0xj84ogrPlOUqliadsLXAO:4jNMxpbLoUlp+BHex0x84tPgiaCAO

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

193.233.132.62:50500

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1996-2-0x0000000000210000-0x000000000072D000-memory.dmp

Files

1996-2-0x0000000000210000-0x000000000072D000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 492KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 80KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 634KB - Virtual size: 636KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE