risepro | 3524-146-0x0000000000280000-0x0000000000886000-memory[.]dmp | Triage

Sharing

General

Target

3524-146-0x0000000000280000-0x0000000000886000-memory.dmp
Size

6.0MB
MD5

31b27bc6b79e5ce444c10d4193f6f94b
SHA1

0bf918579a6a6e5f7398dec7b1f1f6ae79a1b03c
SHA256

e2c2c4278f4622932a07fa38186c9ecd010bb8a4469f31efab5f5f870f80a489
SHA512

db7e12f95dcac578fa6baa3973a73b0d9d74e7a5dbf3e555bd0358ed0ec064ca1aca3e7cc9152c95bc62e6fa413f408d22987ecea0c22ff604aa4623f103f712
SSDEEP

98304:7/5WItVjzEssZ3ARQLmmolQI9v3ZbAiCIzr5z90F4hjQdMciyVYGYTe:rNVjYsI3IQLmm4d9z90F4hjQuyes

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3524-146-0x0000000000280000-0x0000000000886000-memory.dmp

Files

3524-146-0x0000000000280000-0x0000000000886000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 685KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hsngmxpe
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fbzgydqe
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE