risepro | 1800-35-0x0000000000820000-0x000000000123A000-memory[.]dmp | Triage

Sharing

General

Target

1800-35-0x0000000000820000-0x000000000123A000-memory.dmp
Size

10.1MB
MD5

37faa9dd2d18cc1885425d6654073685
SHA1

b03ec5291fbcfcf47b919cb7aa4b99c8218408f5
SHA256

57af20dbe6540ed5a51e253a75d590db3290a8422c9700d561d7eeca252524db
SHA512

d3bd56ab3e86b54592096c4d3069b89a2b847286938121d9a1ae7784428cfcde26ac984d2080538b1496182947dae5dd4fa6ea37f915b9fef105e1f843f7a9b2
SSDEEP

196608:1/Gg2/MyY5kSBzAhnSi/x8waPeXBLdb9OV6aOCP:1ug2/mhAn/Fa2FVh

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

193.233.132.67:50500

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
1800-35-0x0000000000820000-0x000000000123A000-memory.dmp

Files

1800-35-0x0000000000820000-0x000000000123A000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp€�
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp€�
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp€�
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 219KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ