risepro | 2860-1-0x0000000000170000-0x000000000067C000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2860-1-0x0000000000170000-0x000000000067C000-memory.dmp
Size

5.0MB
MD5

915e78218ddde18f8e9ca32888b05df5
SHA1

60571310992998f6bf5f7263b2282bc2a7ba296e
SHA256

a35d1c1aeca4b716eaba00bc7de45c12b9f62fb49ae9705a7da303cf16b02db8
SHA512

e726becbfca47182177a2e9b1999bf28647440a08046a5084e45c2857e71ce4f732d92903d455be0c75ba8cd9abb45aab41a22215f0f7582bcbfd022e055d20e
SSDEEP

49152:qodhc92HQtwGJTdyxdZoxNrD82XSrfkIUEhxmD5KFFcpk8F6SnrQIm:qwe9NtwJxdZoxNrD82irV9hFFCFr

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

193.233.132.74:58709

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2860-1-0x0000000000170000-0x000000000067C000-memory.dmp

Files

2860-1-0x0000000000170000-0x000000000067C000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 574KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hipxlteq
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

niycfank
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE