7c4f34556d1064cbe1889b7d6567b6f8baccaa9d33c18b18f7a2dfb0458484d1

Analysis

max time kernel
97s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
26-03-2023 23:12

Target

WARZONE RAT 3.03/Datas/ServerManager.dll
Size

96KB
MD5

ccc5bd0d95f504fce814e6758d4953d6
SHA1

531755eb609b6740a5117e0e7a84547ae66061e0
SHA256

2b658436167826d3a1e44919a1113c6f1717515bd7ef0064d7152d7c3e050fc1
SHA512

da7c581c84d9236d0c728bb947d212d76ba59af79ee3d8966a6fe42276543a0db40eecd1792a6f6c0db507f8b5e2267370ae46866d8b03dc4e2e9f1e1dfee954
SSDEEP

1536:XLKZtKu0SvWj0DhgyQWnOS+jKcMfjR2CJ0psWQcd7kiW4L2er:XLOtKdSvNgyQWnOSKBVCOAiHL2er

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 372 wrote to memory of 4980	372	rundll32.exe	rundll32.exe
PID 372 wrote to memory of 4980	372	rundll32.exe	rundll32.exe
PID 372 wrote to memory of 4980	372	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\WARZONE RAT 3.03\Datas\ServerManager.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:372

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\WARZONE RAT 3.03\Datas\ServerManager.dll",#1
2⤵
PID:4980