risepro | 2656-14-0x00000000004D0000-0x0000000000AAB000-memory[.]dmp | Triage

Sharing

General

Target

2656-14-0x00000000004D0000-0x0000000000AAB000-memory.dmp
Size

5.9MB
MD5

ca62a585c4ac646d58e4b4d04357d15c
SHA1

64c8f3dba4f4cfe90bf448ace6678fd88772fea1
SHA256

462b5fe9b6cb9c1957d9c0055cb23a6cbe93f1dce0fb962dbd3d2e37135d7cf8
SHA512

90070e676367e624e0dbe1d2f9b30e96c0635f0ca8c9977bd5f3382472540b0cbdd0a6186c374671ad24af14c6079d00e4208440f9958c7c18c29686377008b8
SSDEEP

98304:Mmm5Rfx7T1Z7d7DQLTeondj8YP0C/KK8fSqNyQBaW1KhtUa71KET9qn5:VCfx/1NdXQLTeoyYpQqqNy1cgB9K

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2656-14-0x00000000004D0000-0x0000000000AAB000-memory.dmp

Files

2656-14-0x00000000004D0000-0x0000000000AAB000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 685KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

auqphlkr
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tamzynut
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE