risepro | 1660-16-0x0000000000200000-0x000000000078D000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1660-16-0x0000000000200000-0x000000000078D000-memory.dmp
Size

5.6MB
MD5

00ec45bad8e85d8692f656a253201604
SHA1

d70fba8110085c4fd502c7191ea45cce799f4fc7
SHA256

25c381a31e8c603b98dfe7827d1bc8c0e2c7590366ef248000d16065309e547a
SHA512

e9403f11b158bd469b3a2d0dfb5bcdae8eec5b42734d2176a782564f5e2515f9cb6d5c1fb59bd8ec045a633f83629e83ea8ff527e2e03b930f01f8af4cbb57a4
SSDEEP

98304:P3rIchBAFCyhqsFcc7e30yBcfUu4YwQZGkds:Pf30QudwWGSs

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1660-16-0x0000000000200000-0x000000000078D000-memory.dmp

Files

1660-16-0x0000000000200000-0x000000000078D000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 591KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wqjushpl
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

slnoowdz
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE