risepro | 1896-3-0x0000000000D20000-0x000000000187E000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1896-3-0x0000000000D20000-0x000000000187E000-memory.dmp
Size

11.4MB
MD5

6514951a87695341791f5c467cb76538
SHA1

e8ca983d8bbfc407798c2d5e59974815379d7a92
SHA256

d60584922413d8cf908ef106034f0a477912c4009dc7631b3bc624c5b9f65fac
SHA512

2969e82f452c4dace1ca9dfa6af72ad2ac4b531d882389f35e6b58ae539f45ebbfeb18d4f5936014b9f60115bcd99d0eae8ba6d960d5d7150fbc47eba529bd08
SSDEEP

196608:eRaUIXsuPb+uIEM1dTw3i0FtWeW7BHcTAKgJySMI9F+7KPWyZO:gaMw+71eTFqfYry

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1896-3-0x0000000000D20000-0x000000000187E000-memory.dmp

Files

1896-3-0x0000000000D20000-0x000000000187E000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 591KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 64KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 24KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 50KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 202KB - Virtual size: 7.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE