Analysis

  • max time kernel
    139s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    16-02-2021 17:42

General

  • Target

    0567fc59_extracted.exe

  • Size

    108KB

  • MD5

    95a9484a34ab54c2f10b1285377a1354

  • SHA1

    e3c9433f40c97a6f8cd40f0fa19db0bf9a7133f3

  • SHA256

    6160f8f9162640d744f4f2bd5286134b22ed225690250fdda89bbb2384dd1be3

  • SHA512

    be7fc117ecf683cc314b1680a72b77700bf37faf3351e8ecba50a3035fd1bd28205b745d76cf2ae777ec43e61912296097d806c2ab0543576aa3965a7d3ab96a

Signatures

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0567fc59_extracted.exe
    "C:\Users\Admin\AppData\Local\Temp\0567fc59_extracted.exe"
    PID:1152

    Downloads

    • memory/1152-2-0x00000000760C1000-0x00000000760C3000-memory.dmp
      Filesize

      8KB