risepro | 4496-3-0x00000000001C0000-0x00000000007BA000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4496-3-0x00000000001C0000-0x00000000007BA000-memory.dmp
Size

6.0MB
MD5

6619d2d4c05d8fa33f4e1c7dd99bbeda
SHA1

20f79a6430d3dccdd833b5fbd86727d983ae463e
SHA256

4a9e332837324514f8a90edc21c1acf32c479335a7923f175723a0194560bb1f
SHA512

9f27d355c762a8362d3427a7114ba318d487324a24ee7d0668e218e3f425250924046d9e6f096d1e5b46ac19cc94ff585730118472f94631965612996cd73176
SSDEEP

98304:Vqfk1Vr7/QbcUpNQLHmcjNTk5ANPlBZTQ1qllt93UI+qfduFVMTEp:EuVrzQgUXQLHmcpEmltyI3bg

Score

10^/10

risepro

Malware Config

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4496-3-0x00000000001C0000-0x00000000007BA000-memory.dmp

Files

4496-3-0x00000000001C0000-0x00000000007BA000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 685KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dnylcums
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vgnsrylm
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE