risepro | 204-0-0x0000000000920000-0x00000000010EE000-memory[.]dmp | Triage

Sharing

General

Target

204-0-0x0000000000920000-0x00000000010EE000-memory.dmp
Size

7.8MB
MD5

a4c5d4cb3489d0c2d59e57e250ccc4ea
SHA1

92ba863627150612c3c0a36bf5f1ec741f021287
SHA256

541cbfa9814148f17158ae0b029269d8e7f0befbf3cd176b669f92fbe0eb0d4e
SHA512

7137fd5a29993c97df77d1e009e55586503b13ae591f1ad02cc9001a1bcccfb1f567b1ec7a66e7badfed2265a56e4f0a9eda538de69a2a2cce0cb163e77925b2
SSDEEP

196608:RFhb06FHWQL1GvlrqAcQrdNfell8IEwtrN0s3fQ:Xhlh3Or/dAllTn

Score

10^/10

risepro

Malware Config

Extracted

Family

risepro

C2

5.42.67.8:50500

Signatures

Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
204-0-0x0000000000920000-0x00000000010EE000-memory.dmp

Files

204-0-0x0000000000920000-0x00000000010EE000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp¯Ã
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp¯Ã
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 654KB - Virtual size: 843KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ