risepro | 2940-5-0x0000000000E90000-0x0000000001952000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2940-5-0x0000000000E90000-0x0000000001952000-memory.dmp
Size

10.8MB
MD5

2269561c8d273d998030dcd09db8ddd1
SHA1

c270a010a529ef199ee5bf78a1435b34d0e8d962
SHA256

30d8bc7ad7f29d252050a129b909d91b96cce3e01ff8dde4aa0fc5b4c3fec161
SHA512

14cae166bc546510faa7bf6b73056525709b4ff9b975865b6efe30de06fb7abe93a0753e3a616eaebf11b75238b69b411ae3934a900752c3d7b4903c00a8d1af
SSDEEP

196608:QzdCRjR+PEZm7H0dF6HVyqP2Rcz5MrPnAHyLnFXKlSPa:QzPsZY0EPP2S1MVJXKlCa

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

193.233.132.67:50500

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2940-5-0x0000000000E90000-0x0000000001952000-memory.dmp

Files

2940-5-0x0000000000E90000-0x0000000001952000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmpµA
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmpµA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmpµA
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.5MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ