risepro | 1436-324-0x0000000000280000-0x000000000082C000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1436-324-0x0000000000280000-0x000000000082C000-memory.dmp
Size

5.7MB
MD5

27b11149660088db8bf42618ff283e49
SHA1

e763f2dc7a3452f08fbe909e315ea19d13618ca1
SHA256

8cc5888263a7f8d1dd16abc1a0b31fd476716be4aae7e7e335175469f03218f2
SHA512

f86d585011247a0cbed1d466d277f1e130564e2ca4b0fc082630c0771809d5a8b1f7d1ad535628d1b5549664f3812cbbed4c61c41e31dcab9fdc6fc991f2fef1
SSDEEP

98304:ZxXGUjnFO9g1xNPFhcBkVZU6eTgrs/oPOx9ShfJyaifQ:Zx00U6eTgJPO3sBM

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

193.233.132.62:50500

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1436-324-0x0000000000280000-0x000000000082C000-memory.dmp

Files

1436-324-0x0000000000280000-0x000000000082C000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 568KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jkchgfxp
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

uffbrfwd
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE