Overview

overview

10

Static

static

[email protected]

windows7_x64

10

[email protected]

windows10_x64

10

Analysis

  • max time kernel
    145s
  • max time network
    154s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    16-06-2021 03:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    [email protected]

  • Size

    1007KB

  • MD5

    2c5a430bba25700116ef43290096f78b

  • SHA1

    f932df755efaac964a7684b16445c5a0330e60d0

  • SHA256

    42501637672342127aba0926855810bd7c9f22a3c6c64b8df4716cedd0f8550d

  • SHA512

    796d5cdc5127e59844266b604d85c88955b0fe095ecc508e8070dbec380fe4a03fd8ae2070be8dd393844a165b0a223a9691850df16df202b9ef9c80bae52a9a

Score
10/10
warzoneratinfostealerrat

Malware Config

Extracted

Family

warzonerat

C2

194.5.97.174:1360

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\[email protected]
    "C:\Users\Admin\AppData\Local\Temp\[email protected]"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4056
    • C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\jCAphZ" /XML "C:\Users\Admin\AppData\Local\Temp\tmp9EC6.tmp"
      2⤵
      • Creates scheduled task(s)
      PID:2016

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmp9EC6.tmp
    MD5

    f90238edfa3e9669b287541c5e7a8c15

    SHA1

    ee447cc2ce87f8c044f4eb9ce72cb839c0b0c06a

    SHA256

    011372ba5919bbc742e4d3abc58ba21003aea74799b840d17792e7a5691f8135

    SHA512

    566d122037b7cfbfaa5616f0464121f928ba3c84a2e121c69d4fff82f110c0a643266c23677c4c030bdc30baa12d14a8f9140e98c84d197dcc11050c2a0105e0

    Download Submit

  • memory/2016-123-0x0000000000000000-mapping.dmp

    Download

  • memory/3076-127-0x0000000000400000-0x0000000000554000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/3076-126-0x0000000000405CE2-mapping.dmp

    Download

  • memory/3076-125-0x0000000000400000-0x0000000000554000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/4056-118-0x00000000054E0000-0x00000000054E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4056-121-0x0000000008EE0000-0x0000000008EE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4056-122-0x0000000007020000-0x0000000007061000-memory.dmp

    Filesize

    260KB

    Download

  • memory/4056-120-0x0000000008E30000-0x0000000008E32000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4056-119-0x0000000005530000-0x0000000005A2E000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/4056-114-0x0000000000B00000-0x0000000000B01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4056-117-0x0000000005440000-0x0000000005441000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4056-116-0x0000000005A30000-0x0000000005A31000-memory.dmp

    Filesize

    4KB

    Download