Analysis
max time kernel: 146s
max time network: 151s
platform: windows10_x64
resource: win10v20210408
submitted: 10-07-2021 11:02
Static task: static1
Behavioral task: behavioral1
Sample: c62b1fdc546779ba469db64d1cb60e22.exe
Resource: win7v20210410
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: c62b1fdc546779ba469db64d1cb60e22.exe
Resource: win10v20210408
0 signatures
0 seconds
General
Target: c62b1fdc546779ba469db64d1cb60e22.exe
Size: 113KB
MD5: c62b1fdc546779ba469db64d1cb60e22
SHA1: 4ed27e66827e84742e9bf004a946ef885eb63339
SHA256: 3227adef3bb92d94337e08fba6b7a73dbc93b06239d6af04625c571f6755fd6e
SHA512: 05da8cbf014406d10d9273707ac0c4524176bff8da11340a93c86380f5bcdbc95f63e0c4bc7ac072cc2a4d77972554d1e75f945943ac7b1793bf89f05e3c4197
Score: 10/10
Malware Config
Signatures
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
Drops startup file 2 IoCs
Processes: c62b1fdc546779ba469db64d1cb60e22.exe
description | ioc | process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat | c62b1fdc546779ba469db64d1cb60e22.exe
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat:start | c62b1fdc546779ba469db64d1cb60e22.exe
NTFS ADS 2 IoCs
Processes: c62b1fdc546779ba469db64d1cb60e22.exe
description | ioc | process
File created | C:\ProgramData:ApplicationData | c62b1fdc546779ba469db64d1cb60e22.exe
File opened for modification | C:\ProgramData:ApplicationData | c62b1fdc546779ba469db64d1cb60e22.exe