risepro | 4368-655-0x0000000000F20000-0x00000000012D0000-memory[.]dmp | Triage

Sharing

General

Target

4368-655-0x0000000000F20000-0x00000000012D0000-memory.dmp
Size

3.7MB
MD5

09a25086803be1782dca124f4f55213e
SHA1

d420ad7e0b39f198bce3c29c3f0cb266be6845fb
SHA256

2fce69467df6d30a5da6bb95a2f4ba9b9a8f02add8fed086a4aabbd139ef35bb
SHA512

9be3a3cf58a327ecc4bf948ea3c42b6c98927ec99ea2793f912073dcf82589afb82c1a93a78d76416dee089da737b44ae5b9c63a18920fbc0cdc88d1c8d71602
SSDEEP

49152:SiFdx4pLzcqo7teooOTFZYEX1cKidq6yY9pg1be+hCKnE5M:SiFdxgvcqoXoIjXOKidVyQGe+RE

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

193.233.132.62

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4368-655-0x0000000000F20000-0x00000000012D0000-memory.dmp

Files

4368-655-0x0000000000F20000-0x00000000012D0000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 573KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

msidkkig
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

yxlkkgdb
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE