risepro | 836-40-0x0000000000AA0000-0x00000000014C5000-memory[.]dmp | Triage

Sharing

Copy URL Twitter E-mail

General

Target

836-40-0x0000000000AA0000-0x00000000014C5000-memory.dmp
Size

10.1MB
MD5

316c2f9a33609faab620fb69a6cabfd9
SHA1

d5f1574b94f92c4aa63a9b542e81e012340fd6a7
SHA256

0acbd00bc7266cc38a1f6595a4650471ee7f5e6408734251d272921303bdbe4a
SHA512

2ed7a93c5f8d7b8bf3b525e5ca70ed08702482c4606cc09861ca0d0e6763e7e60901808a7988ae0270b90a035adeb8f6ba6891dc1edb7b37f49cc2a8b12b7ffb
SSDEEP

196608:A8gi6WtVg+UlT+eYaYxsmMOQ0ErwJqpa+FPW3gNNMvLCsl:A/i6WI+6TQaq5wSqZPW3cWT

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

5.42.66.10

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
836-40-0x0000000000AA0000-0x00000000014C5000-memory.dmp

Files

836-40-0x0000000000AA0000-0x00000000014C5000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 438KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmpà¤
Size: - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmpà¤
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmpà¤
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ