risepro | 2164-7-0x0000000001140000-0x00000000016FD000-memory[.]dmp | Triage

Sharing

General

Target

2164-7-0x0000000001140000-0x00000000016FD000-memory.dmp
Size

5.7MB
MD5

a891f2420a6ad342ed0559a1bfcfe05e
SHA1

3be37aaaed97346ed81aa97ae7748b417bd2d9c6
SHA256

7f6b65f44554d44b27c364324419b2db6f6ea5d6d141fde4a2ff0018a179da8e
SHA512

e41dcf5c96405916066fecc9a230239eeed16f4b6e7605e35db8aea8e0775a808f0f13cec47c8498e024c022cdf47184428199935a290cf5b0bd7948cbc6208f
SSDEEP

98304:GSrAseWAC6jjEuhWATTS4RsD0NW+D7115AcO+EFR+8KwVjv6PLUiQ:GSrMTW+q+D717jOt55jcL

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

193.233.132.62:50500

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2164-7-0x0000000001140000-0x00000000016FD000-memory.dmp

Files

2164-7-0x0000000001140000-0x00000000016FD000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 568KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zvcxpzwz
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ctpplmvq
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE