Analysis
-
max time kernel
59s -
max time network
145s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
20-07-2021 18:40
General
-
Target
Orden de compra.exe
-
Size
808KB
-
MD5
0e01d4a19afa5c98b4ea02e90d1452bc
-
SHA1
f450f340626bb0e9c89d04d0bb2ec97dcc9d4628
-
SHA256
a2f8c191b7fb47cf9266a986aa47e6897d6615889b76a0050450fb68afc279f6
-
SHA512
d255c6198db56993b84ffc8ade0b5717972fa3f42a81fa36ab65272e803005c4cdbf27da39f4673b97a777dc0013e0c3cbb6db6c4b8ddf3ccfc0869c4934e88a
Score
10/10
Malware Config
Extracted
Family
warzonerat
C2
juner234.ddns.net:5793
Signatures
-
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
-
Suspicious use of WriteProcessMemory 16 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Orden de compra.exe"C:\Users\Admin\AppData\Local\Temp\Orden de compra.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\logagent.exeC:\Windows\System32\logagent.exe2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1860-61-0x0000000000000000-mapping.dmp
-
memory/1860-64-0x0000000000100000-0x0000000000101000-memory.dmpFilesize
4KB
-
memory/1860-63-0x0000000000080000-0x0000000000081000-memory.dmpFilesize
4KB
-
memory/1860-65-0x0000000000170000-0x0000000000171000-memory.dmpFilesize
4KB
-
memory/1860-66-0x0000000010670000-0x00000000107D0000-memory.dmpFilesize
1.4MB
-
memory/1860-67-0x0000000001F50000-0x00000000020AE000-memory.dmpFilesize
1.4MB
-
memory/1948-59-0x00000000760B1000-0x00000000760B3000-memory.dmpFilesize
8KB
-
memory/1948-60-0x00000000001B0000-0x00000000001B1000-memory.dmpFilesize
4KB