risepro | 920-7-0x00000000003E0000-0x000000000137D000-memory[.]dmp | Triage

Sharing

General

Target

920-7-0x00000000003E0000-0x000000000137D000-memory.dmp
Size

15.6MB
MD5

f0c696f6c787fdeefb8793060c16e948
SHA1

91f67d7252a2141a491a7e9d2b4ac60156535e03
SHA256

2604c6ccdb394ab31ffe322278751d6c509658db16940a39faea6cfced6cfb4c
SHA512

e7b97e9e15c6a3ff737d833b98d9a21975e28ba014a697def96951b54399f71b67430117020a304fdf113a61b54faa5e6a52799f01848564b1629c5a8f8152d3
SSDEEP

393216:QyxhjixNk4uCfSzGcNctdGXrtWOl5/k/1I4TtsRvkuN:n1R8tUXrjl5kptT

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

5.42.96.65:50500

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
920-7-0x00000000003E0000-0x000000000137D000-memory.dmp

Files

920-7-0x00000000003E0000-0x000000000137D000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp#+Ï
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp#+Ï
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp#+Ï
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmpY[.
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmpY[.
Size: 8.2MB - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 154KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ