risepro | 1428-0-0x0000000000B60000-0x0000000001249000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1428-0-0x0000000000B60000-0x0000000001249000-memory.dmp
Size

6.9MB
MD5

fca354a98e69d3013f5a89434b23a534
SHA1

4c04a4382556d1bc853138c161bad2d7df106f3f
SHA256

134a10e6c7e18ba081cce5fb64d1a346dfcda318729f9e354c1ba38ec9bfbe5b
SHA512

360cc158149424a6a69ec1a41e930a08b6e9f15f5cbed97ee63e1b10d6b34ab906ecd78a8aee3dd318715e4a496cf557bc3c40d2b2852fa65db519485f369540
SSDEEP

98304:2xJMGekLvV9X65aMVJSIV8mGhbLqkVFBF91D5ImOKPDRomPjtpH0S/g+KjpOZP7c:2xJpekDXc9JjDk39/ZOKPDOIjxKlSPa

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

193.233.132.55:50500

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1428-0-0x0000000000B60000-0x0000000001249000-memory.dmp

Files

1428-0-0x0000000000B60000-0x0000000001249000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp€8
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp€8
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp€8
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.5MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ