risepro | 3156-13-0x00000000007E0000-0x0000000000D70000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3156-13-0x00000000007E0000-0x0000000000D70000-memory.dmp
Size

5.6MB
MD5

c52042fc0781193b397ec340db7bb053
SHA1

e91daf33d4bd71ba3416271a9309c819bb6b270d
SHA256

2da2299b03888999e52e2c76d53d0cb0c7b53b78da36f1eac0b62d432e71567c
SHA512

be0b7a587240c47b2c754eedfeb80f856e718179a22281c47c082251bb5d68e6b316ce5bf4520a61d9cd2b91b8620eb221e38f5ea9bb85043f4822811c71050f
SSDEEP

98304:5X7+AYpDUQkjHFsNg5Kox/zIQJQ8Q8RyIV:ni+/zm98RyI

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3156-13-0x00000000007E0000-0x0000000000D70000-memory.dmp

Files

3156-13-0x00000000007E0000-0x0000000000D70000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 591KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kwhnkrjk
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

uaabcgya
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE