risepro | 4776-3-0x0000000000090000-0x0000000000693000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4776-3-0x0000000000090000-0x0000000000693000-memory.dmp
Size

6.0MB
MD5

fc2d2030443d17810054a60e1e7919cb
SHA1

43dc0c0730d47d11c93e9d731f4b2d29161f39c2
SHA256

54094ff904d81f1b498227e8e91de09c2e45a3c2d464df1e3f937a8aadd06e79
SHA512

793103bbdbac09308e39f5e1c238eaff996086ee5bf9152cc5773c34db7b76b1e4de4d35bbb97608c5d018b93592ccfb58ed6bfe1e32e0316b26808bb8858885
SSDEEP

98304:B0G9t35TuRsb6F8QLqWA3yM96qVPGX3v5GS6U+1m4NG1fn4+m:WO35KRW6+QLqWA3C5SUSNG1f2

Score

10^/10

risepro

Malware Config

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4776-3-0x0000000000090000-0x0000000000693000-memory.dmp

Files

4776-3-0x0000000000090000-0x0000000000693000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 685KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

soqcdxqb
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

iezlpjvr
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE