risepro | 2100-2-0x0000000000210000-0x0000000000D51000-memory[.]dmp | Triage

Sharing

General

Target

2100-2-0x0000000000210000-0x0000000000D51000-memory.dmp
Size

11.3MB
MD5

de06105ba86c2b1064f84f3ccd29f48c
SHA1

ab1bd906f0054bfae90498540a1d1b50d9ae5151
SHA256

389287872be35feccfc58481c37d03f25dc06c6e929657bfd39adf0d822a716e
SHA512

bbe4f9c968c07eafadaa96129b866af4b25983bf959f71b74fd2377b4bcfd88e1256f3594fbbfca2004e01ddb70bbd815c728d4fe50a9b681d5e925ad460e901
SSDEEP

196608:hCP4IIGFHiOgk0Ae2eSqfMP6GC/Vkldn1gkeHNSUIBW:hbUi3KrqfMCGEkldnqkeso

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

193.233.132.67:50500

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2100-2-0x0000000000210000-0x0000000000D51000-memory.dmp

Files

2100-2-0x0000000000210000-0x0000000000D51000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.&uÚ&u�
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.&uÚ&u�
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.&uÚ&u�
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 990KB - Virtual size: 1001KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ