risepro | 2264-15-0x0000000000050000-0x0000000000613000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2264-15-0x0000000000050000-0x0000000000613000-memory.dmp
Size

5.8MB
MD5

33cef32eb631c872eec5bc1490f1f804
SHA1

a9fb1138b8e0072ffbafa0e55202b135c3a8d8d7
SHA256

9938999ddf42191ba1e590ca53bf14b5cb0e274d0c0b58a56725fbc81ceaf53d
SHA512

29ac4cbb2114a8b5797610954bcf81fa7b5196e4c3bbfc53789952f86f63497d36b8345f1d6461b8054d6f4484ae2e3f38f7d1815aab6ba6ceee70cbc22154d1
SSDEEP

98304:N26QRaPhLQdMAm8AQLPozRnOPncWDp4cL429Pearw7Nw/8xNv:86zPhsdhmBQLPuGcP4429Ps7t

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2264-15-0x0000000000050000-0x0000000000613000-memory.dmp

Files

2264-15-0x0000000000050000-0x0000000000613000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 685KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mlpdkjeg
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

usgmfmue
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE