risepro | 1284-16-0x0000000000140000-0x00000000006C7000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1284-16-0x0000000000140000-0x00000000006C7000-memory.dmp
Size

5.5MB
MD5

9584d8f5203eebb004fbf23436e4a74b
SHA1

6d05d17e707855bf18c393552b64da5362a33a0c
SHA256

a9c976afa7036138002bb1d3eb5cec6e8a3c2072f1595318b7ccf8dda7c318eb
SHA512

b4d432a039cb337d3b32041e470387f183dfbaf601c217df81de72cecbfc03b7e76fa890d650fa1755f80c820dd2b33c8651d3ab8a2c1129c4753caed734eae8
SSDEEP

98304:40dYz5Hi/kMiAV37+7GIb3U71heZRfXhmusi:IIV3SiI3U77eZRvhmuR

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1284-16-0x0000000000140000-0x00000000006C7000-memory.dmp

Files

1284-16-0x0000000000140000-0x00000000006C7000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 591KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vuazmuwn
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nyyzsypi
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE