risepro | 2736-37-0x0000000000080000-0x00000000001C4000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2736-37-0x0000000000080000-0x00000000001C4000-memory.dmp
Size

1.3MB
MD5

1f11fd358e277d2abfe760295d29733c
SHA1

31517bf2e37c04a5800ec7a93f6d87ed589f12de
SHA256

ff6f0ce7d70647a54009233ceb3c7f59cb6aa55445e88bf767853edc887cc80e
SHA512

2f25356bc65130b098241d4e9194f5110af2296b6550a04a3c49b10224443fdd8260e096afc42585a493848f5231aaeca47e83714ef7376521b7d57efc8a15e1
SSDEEP

24576:Sa4r9bT3aafbmBLKsLrsLgYxns5B0LVDXeyTS24Spz0Vr:wr9vqaqOs5SVDXeyTSSpz0Vr

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

91.92.244.67:50500

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2736-37-0x0000000000080000-0x00000000001C4000-memory.dmp

Files

2736-37-0x0000000000080000-0x00000000001C4000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ