risepro | 828-7-0x00000000010D0000-0x0000000001672000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

828-7-0x00000000010D0000-0x0000000001672000-memory.dmp
Size

5.6MB
MD5

f4fe6599cfb13004e0cbafb188cdb710
SHA1

68e561a7079887d32e82dc6c926b1d6eadcd558a
SHA256

f11bff77eae8afb4a6128a8637727302fb12a27ca7b74118fb4a7ecec060b741
SHA512

d72efa0e8f1009766e486fbbbfb5b69d52d46c487eb326ebd8bb52010d6e0e57f588720355912538e263bb4e70fe8f035dd90b98ee7fb78062e01907084c0b6e
SSDEEP

98304:IHpcrFRV1am2F1hf8F/jtziTBwJu/kjb4+RCvDywDVdfqY/E1xRF:IH+LFVu8n4hvDywDvxcbR

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

193.233.132.62:50500

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
828-7-0x00000000010D0000-0x0000000001672000-memory.dmp

Files

828-7-0x00000000010D0000-0x0000000001672000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 568KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

yzyibjxa
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

khnrxdpk
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE