risepro | 2936-15-0x0000000000280000-0x00000000007F4000-memory[.]dmp | Triage

Sharing

General

Target

2936-15-0x0000000000280000-0x00000000007F4000-memory.dmp
Size

5.5MB
MD5

f613ca644616195f8c7bfabbe8a89005
SHA1

16e19f5a2347d0c8753a32444076ff64dd8023e4
SHA256

749687aa6de3e0c8bd55f27e810dcf73f83771242cbbc19ddecf803ea5ccf5f5
SHA512

a6a822127e799191c3549e70ae52e3b206f8b15e4aee05b5cba2006d16d4646fd21d336d818b4860264fab7222bb2927d4ddc26613c330403edd7f00c168df27
SSDEEP

98304:qS00mRulJ6X+AhUOWAQnOq0QciqeYdIl7qsJw/c:3DUiqPdIoDc

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2936-15-0x0000000000280000-0x00000000007F4000-memory.dmp

Files

2936-15-0x0000000000280000-0x00000000007F4000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 591KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

twgdqanl
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jhkajret
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE