risepro | 5116-558-0x0000000000A10000-0x0000000000FB8000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5116-558-0x0000000000A10000-0x0000000000FB8000-memory.dmp
Size

5.7MB
MD5

f781438d09e89b54cc014872b991e44c
SHA1

4fe7584bd2c77d9e3511002cf6163a987a80bf65
SHA256

dc64f3fca4acba6ee00ba7c7af35268fe3f476610140b780e9256d0da2150abd
SHA512

e77f39e5788e5735912ad15f7d3c4ba656c498a33df2b87ff9e02aab673252b2f7ac928e6f802b20b36c30e84a9dd4e096437ac6bf2f26e17431a3d4587fc36d
SSDEEP

98304:U7XBSD3VLqaJh8HD27pSe0UvyzCl4yT3mr2UOvIzjR:eeBKzMHmrjkQj

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5116-558-0x0000000000A10000-0x0000000000FB8000-memory.dmp

Files

5116-558-0x0000000000A10000-0x0000000000FB8000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 591KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

txmojdvg
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

urnvtgis
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE