risepro | 2456-3-0x0000000001200000-0x0000000001F8D000-memory[.]dmp

General

Target

2456-3-0x0000000001200000-0x0000000001F8D000-memory.dmp
Size

13.6MB
MD5

29a14b1287cf4d8bde632852274b9d21
SHA1

33e23a4b950338aee4102e7e4e053214b3de1237
SHA256

10ca6cd1570e05b8a09bd1dd673b0f8015aa4bbaa4b80cd66cbc8c24543db681
SHA512

3e3161c9450466fc4b5b0dce4946d82e8d7dfcc6f5c82e783418cef839171e07bb6e1ba4e90f1e97093118d4241caa9d0fd5511b1095e77f65e612d7ea6b40b5
SSDEEP

196608:sOsIPXqX+pmeA7dDKhrPDcwcXyTAgr6RKB/upWc9yfDVZmHHCHaTVpTOsFufyX9m:sFeAZDarPYwcXeBu2mWcorKH+aPO7KX

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

193.233.132.67:50500

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2456-3-0x0000000001200000-0x0000000001F8D000-memory.dmp

Files

2456-3-0x0000000001200000-0x0000000001F8D000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.][&uÚ^
Size: - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.][&uÚ^
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.][&uÚ^
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp"Û-
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp"Û-
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp"Û-
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: - Virtual size: 1.0MB

.rdata Size: - Virtual size: 154KB

.data Size: - Virtual size: 13KB

.][&uÚ^ Size: - Virtual size: 2.2MB

.][&uÚ^ Size: - Virtual size: 1KB

.][&uÚ^ Size: - Virtual size: 1.3MB

.vmp"Û- Size: - Virtual size: 2.1MB

.vmp"Û- Size: 1024B - Virtual size: 972B

.vmp"Û- Size: 6.7MB - Virtual size: 6.7MB

.reloc Size: 7KB - Virtual size: 6KB

.rsrc Size: 93KB - Virtual size: 93KB

.text
Size: - Virtual size: 1.0MB

.rdata
Size: - Virtual size: 154KB

.data
Size: - Virtual size: 13KB

.][&uÚ^
Size: - Virtual size: 2.2MB

.][&uÚ^
Size: - Virtual size: 1KB

.][&uÚ^
Size: - Virtual size: 1.3MB

.vmp"Û-
Size: - Virtual size: 2.1MB

.vmp"Û-
Size: 1024B - Virtual size: 972B

.vmp"Û-
Size: 6.7MB - Virtual size: 6.7MB

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 93KB - Virtual size: 93KB