risepro | 2120-6-0x0000000000A50000-0x0000000000FE3000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2120-6-0x0000000000A50000-0x0000000000FE3000-memory.dmp
Size

5.6MB
MD5

d23baf8564488e6acb5d7ce56cab382b
SHA1

43c8a00e8fbe209b703a532d12dd422b198ca234
SHA256

467782ea91ee35dc3ca1671f4799b233dd7c42b4fe0dfa481d068547ae675d1d
SHA512

fd8a92052734ae51ce424aa63ad34ca58915999382fa6fa19de3eb8e906e62f56498d6e103ecdb19c10c4e10c28edfcc389b84537ea171178bf2b040781012a1
SSDEEP

98304:CMVOuiROKqiY/nrt/n/dapIqkR+SnrdN1PI9nMFy2hsEozIiz7:CMYIvlpN1A9MO/zIiz

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

193.233.132.62

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2120-6-0x0000000000A50000-0x0000000000FE3000-memory.dmp

Files

2120-6-0x0000000000A50000-0x0000000000FE3000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 573KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kzkqfgry
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gigeizgl
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE