risepro | 5044-0-0x0000000000180000-0x00000000008D5000-memory[.]dmp | Triage

Sharing

General

Target

5044-0-0x0000000000180000-0x00000000008D5000-memory.dmp
Size

7.3MB
MD5

836f8905689652ef30931e0ade333996
SHA1

5f65a82cf8ce4dcb7bd8d2a81d638cf4afaa89d3
SHA256

bce45468392be6e2df5ea79184327663e9eff848c56c127ac2bdcd25832ae9b8
SHA512

67341a238636e24a5533f58f53285a8b45170f83a1784afff3271b53a70cc3ce8e19ab6781a74a2f7c9a637aa8baa0cd4142ec34261b48c5f791ac930f06c22c
SSDEEP

196608:tw2Q6lGHH+deIE17PDdMykQ6yIqRxGvT2TOY5PlLHEXJYwzlHmz:22i+dy7hjsqLGL2b5PmJY8Hmz

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

5.42.96.55:50500

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5044-0-0x0000000000180000-0x00000000008D5000-memory.dmp

Files

5044-0-0x0000000000180000-0x00000000008D5000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmpà¤
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmpà¤
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmpà¤
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 264KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ