risepro | 1968-16-0x0000000000E80000-0x0000000001409000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1968-16-0x0000000000E80000-0x0000000001409000-memory.dmp
Size

5.5MB
MD5

5bf9222c3b10b6e706d9c660e8aa78ab
SHA1

9e3d3bf1e8a452915d5880a3f7fa6785b8686473
SHA256

388a317b1c549117c930b714f27dd3800e3d33b78ec2d095cf46f36e5984d3be
SHA512

7e0bf19a7a32ed7b7f694a7890610fde3c9ab52a7fa454c63e27419be13c3c0ee75fa4ff0a419559598f24d740bcc2b2d1876f6c6367d531eafc32e974d4bff6
SSDEEP

98304:4Hw0mRVAwc+HtIfgpmYcIxe+1UCc6D8YcwpvMG0m8fzT:RtOIxe+lSYLpv50mC

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1968-16-0x0000000000E80000-0x0000000001409000-memory.dmp

Files

1968-16-0x0000000000E80000-0x0000000001409000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 591KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

uzfwfpkg
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rrrqkagc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE