risepro | 2876-6-0x0000000001000000-0x000000000159B000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2876-6-0x0000000001000000-0x000000000159B000-memory.dmp
Size

5.6MB
MD5

b1222d03be85c1ccc125ef8302ca565b
SHA1

e4396b5b41067b972da6c45666cbe7f896cf1efc
SHA256

c8d82023f3ce35951763a156c14b0d49cb2dbaa8593e5fa89843601bd4639b59
SHA512

1c296eee212d13f3c3dec9ac94af5cacae5e2b4b5005ba84f135bd1b2a971912424194febea8d8cdb88ee04a88ab77e5d5f56da5ee3aa6b450ace6822a8e6141
SSDEEP

98304:pQuusWrR+djambmtWNeSZhq6Uo95karFGvqYyy+6LPFSYia06/3:pQ9nSHhGCxyBLkY0

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

193.233.132.62

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2876-6-0x0000000001000000-0x000000000159B000-memory.dmp

Files

2876-6-0x0000000001000000-0x000000000159B000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 573KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tpckrddw
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kvfdlaqn
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE