risepro | 1644-16-0x0000000000C70000-0x00000000011E1000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1644-16-0x0000000000C70000-0x00000000011E1000-memory.dmp
Size

5.4MB
MD5

3f166839c4599d4f74ed7f282f97a681
SHA1

89a6dd4a50a6d5a3e1dc282f5daa355374d323a5
SHA256

4e3017681c5aae3f9992c277c9b565418b4994fcb69825c6be48ba81a912b775
SHA512

6e1e5990ca9eee498bf0da40262b077c1f9d264949dd67f5a20830cb5cd800f73e4947b9f2bb61b0f6a473567e8938d330f75df6e7ef84bcf94a0b80f8e68d3f
SSDEEP

98304:nr9MdzqPyHSZ18pkIX8ZqjzzN3AnTfOP9D04FRMaOS:6QIX84zzZAnGD04XMa

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1644-16-0x0000000000C70000-0x00000000011E1000-memory.dmp

Files

1644-16-0x0000000000C70000-0x00000000011E1000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 591KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fzrqabsy
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qcxyajip
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE