risepro | 660-3-0x0000000000240000-0x0000000000D62000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

660-3-0x0000000000240000-0x0000000000D62000-memory.dmp
Size

11.1MB
MD5

9c649fe2069daae0fd63d5724151d722
SHA1

df8d63e93b165c153cbcd689f63f0a3da1fcf15c
SHA256

b1e44f8879d038cd240eae9ca5be0d4504b70cc3e85735222ba4896e8b847096
SHA512

40f8576b09a723d8c4ba5e34497d41b3d73f55d0bd5492d32155aef47047881bb0ac7d167c1eb49f816ee62362c447f209bc72347efb4348e4622b4d12e7d53f
SSDEEP

196608:13Ngylq2vdAGDe4KMiajAosO1hxgtKkzfupi:17q0e4d5D7gzfuA

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

193.233.132.62

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
660-3-0x0000000000240000-0x0000000000D62000-memory.dmp

Files

660-3-0x0000000000240000-0x0000000000D62000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 461KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 72KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 25KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 202KB - Virtual size: 7.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE