139cd548f6d5ba5c817248d17021cce6217cdbf5011b220a686ae8a65c12445c | Triage

Analysis

max time kernel
4s
max time network
1s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
10-11-2024 10:10

Sharing

Report Analysis Logs

General

Target

Rampage.exe
Size

2.2MB
MD5

95709d698e7dd8d27e89fd6d9949ec9e
SHA1

0c334e68068f52f87b3e2414ebeac0803b55a4f6
SHA256

139cd548f6d5ba5c817248d17021cce6217cdbf5011b220a686ae8a65c12445c
SHA512

7fb4c32b6d29059bbae9a7cd05dc66ba6537bb75f7c2c12de44c54b32e6efcfccaef3c1367802d1872a7f0855c65cf35b6b5c3ef41b567a145708888ad0e3fd5
SSDEEP

49152:92kHSucxcEeWJa4q2Fi/mU5QyrIx6hpfou+7qN8vEM:9nSu+cEeWJa4q2Fi/f5QFwpfod7vcM

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Rampage.exe

description	pid	process	target process
PID 2748 wrote to memory of 2532	2748	Rampage.exe	WerFault.exe
PID 2748 wrote to memory of 2532	2748	Rampage.exe	WerFault.exe
PID 2748 wrote to memory of 2532	2748	Rampage.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Rampage.exe
"C:\Users\Admin\AppData\Local\Temp\Rampage.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2748 -s 44
  2⤵
  PID:2532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads