Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows10_x64 -
resource
win10v20210410 -
submitted
28-05-2021 17:37
Static task
static1
Behavioral task
behavioral1
Sample
cedbf0cf_extracted.exe
Resource
win7v20210410
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
cedbf0cf_extracted.exe
Resource
win10v20210410
windows10_x64
0 signatures
0 seconds
General
-
Target
cedbf0cf_extracted.exe
-
Size
101KB
-
MD5
8f0e82e303487711e319cc9ece505520
-
SHA1
8cb59f8be0e1a0be7e95aabdf7dc32b979d9c307
-
SHA256
438be9e574213e71135a3bd5cc2ad983287579287432d64559ea40a32823bb82
-
SHA512
78667fa6702e06c8e16a5e767006a2a2daa12fdd60363fa15ca85d18efa1668bcc7d70b3ed0c87a6480a4153bcec3879f656e41028e3c6e58901955a35a95750
Score
10/10
Malware Config
Signatures
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes:
cedbf0cf_extracted.exedescription pid process target process PID 3892 wrote to memory of 4052 3892 cedbf0cf_extracted.exe cmd.exe PID 3892 wrote to memory of 4052 3892 cedbf0cf_extracted.exe cmd.exe PID 3892 wrote to memory of 4052 3892 cedbf0cf_extracted.exe cmd.exe PID 3892 wrote to memory of 4052 3892 cedbf0cf_extracted.exe cmd.exe PID 3892 wrote to memory of 4052 3892 cedbf0cf_extracted.exe cmd.exe