risepro | 2260-1-0x0000000000C60000-0x000000000101F000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2260-1-0x0000000000C60000-0x000000000101F000-memory.dmp
Size

3.7MB
MD5

0d0ef8260d1873f6526b608029028d44
SHA1

dd98d0969365276980ed1c1c9530c94cd9b1f7df
SHA256

247bcbc672d65f7319bb5dcf169dd55deb98ef880f2a67f1d0ca3b6eacc8e267
SHA512

6273dbca297030c7edf105dd8d68dbc8a2763892b2980a694f99e0538ac8f17aaa6153e52941da2533d03c872cc5fe7eea71d4aff7ccf44b225441887c17668b
SSDEEP

49152:xAqfGBTsxy2reyYf9ZTPglLinueM++nJkgjyqIGPeDnf:xAqfST2rw9ylLinu+6kgjyUPS

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

193.233.132.62

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2260-1-0x0000000000C60000-0x000000000101F000-memory.dmp

Files

2260-1-0x0000000000C60000-0x000000000101F000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 573KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hopvfqve
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

inqgulwv
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE