risepro | 3024-3-0x0000000000C20000-0x000000000121C000-memory[.]dmp | Triage

Sharing

General

Target

3024-3-0x0000000000C20000-0x000000000121C000-memory.dmp
Size

6.0MB
MD5

3c8462419cf92604fca969b7a233f21f
SHA1

e43c1d8ae1677a42b1a9c7e4b5991774e02db6b6
SHA256

af3982422a45111fd42873874d3f1122ece1dc183f2cb77a99969c8d0c8e3e60
SHA512

e4cfedf47e49433b40db2bb169df873f1a2e84b74e42370e8ece2fde6d7411f428444321fecfd8c87b9450319bcf7f44569cd5ba6374391e356064f5b89982d1
SSDEEP

98304:+apurB+0MoIK+fffzQL5mztzIU44Y/+pYs/MtlYIOFwap3aysOEKwkJ2Q7EYu0Zx:vQBbMJKofbQL5mrYk0nOyal85UJO6Pjm

Score

10^/10

risepro

Malware Config

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3024-3-0x0000000000C20000-0x000000000121C000-memory.dmp

Files

3024-3-0x0000000000C20000-0x000000000121C000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 685KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rqbczehx
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ycqlqinx
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE