risepro | 2284-3-0x0000000000B50000-0x0000000001144000-memory[.]dmp | Triage

Sharing

General

Target

2284-3-0x0000000000B50000-0x0000000001144000-memory.dmp
Size

6.0MB
MD5

da593c52008607fc95690dfed8e4a3b5
SHA1

3986282359eeedd010f79b00f43e766d6ddef555
SHA256

dcfeb8d280f1474e7f754b18e73a8d4db107a2b70f2f129a86d5b384071b628c
SHA512

5ff42ed7f71eaac46ec4ea61354f389b01b95deabe6551af9a90163ebfe0c930690be3d342c13f72de7a65519506b60b863005c41d848fd4bc5f2f5a2e245bec
SSDEEP

98304:gD7BaPhLJt/M5EAQLUuPZ6v8ydfjrWmftL2ofPKptmH5yas88vQ:ckPhNtk5lQLUuOrKmF22PymZvs8

Score

10^/10

risepro

Malware Config

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2284-3-0x0000000000B50000-0x0000000001144000-memory.dmp

Files

2284-3-0x0000000000B50000-0x0000000001144000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 685KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mdniwztx
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

yjivyyey
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE