Behavioral task
behavioral1
Sample
3604-371-0x0000000010670000-0x00000000107D0000-memory.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
3604-371-0x0000000010670000-0x00000000107D0000-memory.exe
Resource
win10v2004-20220812-en
General
-
Target
3604-371-0x0000000010670000-0x00000000107D0000-memory.dmp
-
Size
1.4MB
-
MD5
aa9b1e63ab460ae5010a03363f281465
-
SHA1
932bb0cafaaa1934d47a0367830714f4f3807c32
-
SHA256
a74f3768896d292e26d87b8d7d398b28668fa9cc4805a1708b44e7fa3e150f45
-
SHA512
b8daa66e66caad02b6068b84ec6e704b68e9ab632fbf2e93f239d791f03ae742eefa87acc17a670d2efba16f214ac18773a8322cb88cd4127a0ce16829458a30
-
SSDEEP
3072:iNLOpnhTdOw9YAJOzIY9gVl01T2ENipdDg0z5:iNLYdT97JSIFl0QENqF
Malware Config
Signatures
-
Warzonerat family
Files
-
3604-371-0x0000000010670000-0x00000000107D0000-memory.dmp.exe windows x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
.text Size: 155KB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE