risepro | 2980-5-0x0000000000280000-0x000000000080C000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2980-5-0x0000000000280000-0x000000000080C000-memory.dmp
Size

5.5MB
MD5

9da02c66a4cd534e22a260e58bae2b33
SHA1

94b1bed551435b4af871dce9e93e7e0684cb2b6a
SHA256

a158d094da9c6a71525282a6a19c5ba1cb1459a6d4d9fdd7f516879191134b1c
SHA512

169bb380ef99ca7017b9f1c722dffc5e80e48589c1d4965afd37a7f1e72d9d277cbc11bffb34ad931bbd8e689113654d96142b72e3baaf703b8322b7e5636592
SSDEEP

98304:Ckj2XGOIBF/zUIMP8p2NowJ+TOp9wkMVkTsfq0Wg9kFQjyYa+UF:CkgjbIEJw9kwqWaFZD

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

193.233.132.62

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2980-5-0x0000000000280000-0x000000000080C000-memory.dmp

Files

2980-5-0x0000000000280000-0x000000000080C000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 572KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jrqxjcoz
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hvurtmpq
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE