Analysis

  • max time kernel
    144s
  • max time network
    158s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    16-02-2021 17:41

General

  • Target

    e4cf2714_extracted.exe

  • Size

    108KB

  • MD5

    8ca266d4d1ce81ab138e70a4736e0a83

  • SHA1

    2e19837c1fdb29a7fd752c677f15da260ef48d41

  • SHA256

    7142ea9e61e8c2b51d58d3745d6609b6c53edf8535de28bbcad79e63bca89a0a

  • SHA512

    0e45c5d709b2aafe636a1c90fc9ef0b6b1f1ea3b2f442d68835bf76778da278c3d2244247b9d049742389efaca73bc5183ab5ef94f51c25bccd8eb866bce4d4e

Malware Config

Signatures

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

Processes

  • C:\Users\Admin\AppData\Local\Temp\e4cf2714_extracted.exe
    "C:\Users\Admin\AppData\Local\Temp\e4cf2714_extracted.exe"
    1⤵
      PID:1804

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/1804-2-0x00000000767C1000-0x00000000767C3000-memory.dmp

      Filesize

      8KB