risepro | 4200-3-0x0000000000B60000-0x0000000001168000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4200-3-0x0000000000B60000-0x0000000001168000-memory.dmp
Size

6.0MB
MD5

64ef743c757f6b4a18e63747612dcde5
SHA1

c4a6750a89259e5c0aeaab4c7d3c12add02ff9ef
SHA256

d754cae1ea0090ff33655b9d84f074163dc8664219f03121cd8fe3ba18e1aa94
SHA512

169dd3d0e33fd131df9f9551127ff3e5c161ffb5cd60b067ca44469aa8895934715a434a9b448bb3cef3eea5904c129901f36e2ec9098240bcc78baabb1a75f5
SSDEEP

98304:MoAa1pDnpeGk/c7QLVmccXOhyZg7w386yZ1mF7GXW2EC2fnhCdeQOU5TPXNZx1RM:vrpDpen/qQLVmuhY9C2fhCgQLTPTPRE

Score

10^/10

risepro

Malware Config

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4200-3-0x0000000000B60000-0x0000000001168000-memory.dmp

Files

4200-3-0x0000000000B60000-0x0000000001168000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 685KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

oaoqjfpt
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bpzzorcp
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE