risepro | 1524-1-0x00000000008C0000-0x0000000000C60000-memory[.]dmp | Triage

Sharing

General

Target

1524-1-0x00000000008C0000-0x0000000000C60000-memory.dmp
Size

3.6MB
MD5

f35f0c3b8d73f5bd5c8a64f1a1a1fbaa
SHA1

984e72b2c1c9862644ef7051f67d1a27600eec54
SHA256

d2ba27e88afa84a2a4d2afb003b318fee3aa93135007c0970e4478f7e80f87f0
SHA512

b45a68f410f69568b65e69cf471695676a9a49722aff9e4bfbbe1b4565a048be9ae6fe0263d05ee0a30672b9fd741cd20abcb9941f6330a3daad9504cd034528
SSDEEP

98304:Dsw9kuJGRUnhzxLRyEK+68Axfxbz8EsX:Ds/UsxbzTsX

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

193.233.132.62

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1524-1-0x00000000008C0000-0x0000000000C60000-memory.dmp

Files

1524-1-0x00000000008C0000-0x0000000000C60000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 573KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gpjaskdw
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tnckpwoe
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE