risepro | 2128-401-0x0000000000410000-0x00000000009FF000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2128-401-0x0000000000410000-0x00000000009FF000-memory.dmp
Size

5.9MB
MD5

b0d47ef989b3b976c16e4dc0b09a7bcb
SHA1

8bad32963c247fa0d653b83a829dc90635b474fd
SHA256

c894ae93bac65462efa932dbba3fb098a433814791329e32e2545b0fea3cf719
SHA512

e6c1a4ed29c5117e235c6fc59939473afc65d5a9493ae5630aa196427926a3583f2fc3da0ff4756754a8f782c03c33f4659633e96f2cceae416a9c76b53a86ef
SSDEEP

98304:JDbVcXZTHZVOjmlQLHHW8yc5WS3oWhbnIXSC2bxdhSMlvYLxfOScXl:pqXZbZQjKQLnWe/C2JSMJY12SQl

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

77.91.77.66:58709

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2128-401-0x0000000000410000-0x00000000009FF000-memory.dmp

Files

2128-401-0x0000000000410000-0x00000000009FF000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 685KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sfwzasys
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wqjpwdlu
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE