risepro | 4228-15-0x0000000000310000-0x00000000008F8000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4228-15-0x0000000000310000-0x00000000008F8000-memory.dmp
Size

5.9MB
MD5

cf764e68ba9576951acae8bdd0fc7bce
SHA1

cdc1f3d44e48c7ebbeefd4cf320875dedd8022ee
SHA256

d4bcb7146cf94274a817ef6d1979fb0c7cf49d13fedd8b2029342bbae17bad89
SHA512

580ae846b597111e146e0847f29eac26f6fb2a11d022d515d4cd711ffe928ad0b4dc050c904e22463d2451957d44044b9a072e25890e00229760f5c6ee3a4c9b
SSDEEP

98304:qnVFvw435zzpZahQSQLZWc2wlYaDJHCHdgcSD7J5KH84T1qMQu6kiwlyjWL0e:qE435fpMh3QLZWQiOnJ5KH84AYSFjWY

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4228-15-0x0000000000310000-0x00000000008F8000-memory.dmp

Files

4228-15-0x0000000000310000-0x00000000008F8000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 685KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ipkjqggq
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

afgdsddk
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE