risepro | 2720-15-0x0000000000D00000-0x00000000012EF000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2720-15-0x0000000000D00000-0x00000000012EF000-memory.dmp
Size

5.9MB
MD5

a8a4733547f086e847ece94e348afa49
SHA1

f9d658dec24f38d11a7aae751fb3ecbbb55f8ce0
SHA256

a795ea947a005865f950873796eda7f91e20332a5aa81c3672386e3cd0504098
SHA512

9052245810ed953812e2a85b8520b5dcc2c6120eb5fe0b9e6a257d11d071c6c0fbae79351d87cdb50478033a254c2e40b25b0da594b4955d46165baca3fc2172
SSDEEP

98304:f+dARbrDtbvN0d947rg0O4ITolyGJx2HqJ5V8VySTByP68t73f:2qbHtbvNI947k0O4I48VyAIP6E

Score

10^/10

risepro

Malware Config

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2720-15-0x0000000000D00000-0x00000000012EF000-memory.dmp

Files

2720-15-0x0000000000D00000-0x00000000012EF000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 680KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

uvxequdu
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dwkyhfwm
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE