risepro | 1408-1-0x0000000000F60000-0x0000000001302000-memory[.]dmp | Triage

Sharing

General

Target

1408-1-0x0000000000F60000-0x0000000001302000-memory.dmp
Size

3.6MB
MD5

36da091ef51dfe04a74c5f2b9958e5f1
SHA1

813823e8fb836b86b3e6c58a32dc4e75577099e0
SHA256

3e56df211d0bc57eb573a59a675970c87d4c02d640cb9fc03a7c1a3e897aa776
SHA512

fe9a64710942493d085c1a01040560a6612e6d14fca409715ca521e4218f53001650892470bbd40c412afaebc3db3457af3d2789358c2ab24eaddcab8fdd3c8e
SSDEEP

98304:+rhEPGGEUKk7b6GXpQM1aFlFtmnw34a5xrCyB:+rmXJXWtmnw34mxrxB

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

193.233.132.62

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1408-1-0x0000000000F60000-0x0000000001302000-memory.dmp

Files

1408-1-0x0000000000F60000-0x0000000001302000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 573KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lxryczxv
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ubmdmjrk
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE