risepro | 2380-6-0x00000000001F0000-0x000000000078E000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2380-6-0x00000000001F0000-0x000000000078E000-memory.dmp
Size

5.6MB
MD5

5c5079ec1647a87aac7dbc58667c552c
SHA1

9c7508c80c4c45f6e89d6cd43502e217a0f7e345
SHA256

4a59007eaa5bb87bb5b8f0f49ac47dbd53fbc54e07f0cf7ebf666086e71cd3ef
SHA512

9fababe19c0aec7bed7a923450a2ea757293b5ae0a023b623941f7dc6d648126520397bc1ce002ef15b4a43c6433a8e62692cc140c9d9c875f35a2d6fc517127
SSDEEP

98304:d1NuBFXsOIiuooK5MfjoCoFS4oOXqu1JEH2geIsy87rciuKys:d1s9Q+rJEWgeIk1

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

193.233.132.62

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2380-6-0x00000000001F0000-0x000000000078E000-memory.dmp

Files

2380-6-0x00000000001F0000-0x000000000078E000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 572KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jwzurfak
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

uueegrrg
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE