risepro | 3396-14-0x0000000000D30000-0x0000000001328000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3396-14-0x0000000000D30000-0x0000000001328000-memory.dmp
Size

6.0MB
MD5

afee3683589bc40e2cd08a4dab4f8940
SHA1

758d9891f828666f9232331286e30ed86d40a9a3
SHA256

1edd479d188e5dde25addd4864aa922ee81f95a397e0e586eafdd8cb694237da
SHA512

8f321daa2442891a85d26f9ede029903f36352fcc2c74a389aba17b5e005f461d31c8783f28cd161596f1f8962111d03377f44d75b7cbdbf83d1fbace35d8b96
SSDEEP

98304:qizLv9+j3L4WVqHdn0n0ODWvJES/1q+Q6uOMyI6N2eQo6hz/zdMamOxMIZbqHgQd:HP9S3L4W8HdnU0ODWPr2eQ7xmOaIZuR

Score

10^/10

risepro

Malware Config

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3396-14-0x0000000000D30000-0x0000000001328000-memory.dmp

Files

3396-14-0x0000000000D30000-0x0000000001328000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 680KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

roaqzukz
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

riehrlkm
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE