risepro | 2796-0-0x0000000000E60000-0x0000000001629000-memory[.]dmp | Triage

Sharing

General

Target

2796-0-0x0000000000E60000-0x0000000001629000-memory.dmp
Size

7.8MB
MD5

bad19ee6a77bf16247845df68e510d99
SHA1

4967337c5db9329bfbef545d4d33eba0a7145cfc
SHA256

86203ad89841bcc790ad10a02b38c24a7d8baa36afe2f36620daa288d30ac1e3
SHA512

39eedc621dfa2abfff2638e9b3de8fbcf4ebaaaa1a8a6a76dd519d07d3c59cb436472b6ea0e646f78769d10ce6cc33d5593fd3d2dd60788b039b518e31a4a37c
SSDEEP

196608:VppDkul3SQLd3GlVb6a5pxzo6gWUxnrA4Xbs3fE:/pZ5L3OjBo6Qr9W

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

5.42.65.116:50500

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2796-0-0x0000000000E60000-0x0000000001629000-memory.dmp

Files

2796-0-0x0000000000E60000-0x0000000001629000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp¯Ã
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp¯Ã
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 654KB - Virtual size: 843KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ