7c4f34556d1064cbe1889b7d6567b6f8baccaa9d33c18b18f7a2dfb0458484d1 | Triage

Analysis

max time kernel
134s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
26-03-2023 23:12

Sharing

Report Analysis Logs

General

Target

WARZONE RAT 3.03/TyWarzone.dll
Size

132KB
MD5

8972fbd74954fb223bd1f8000afefbed
SHA1

56912e4371bfeb65b2d53a845e65a0252fdf0f20
SHA256

20b6d6c9e4c611beb2394539b90ce3b904b28d296b08da9d07d19a0ffc2971a1
SHA512

12c0a61e031cae5f1557d0685deae0e87f997dcefd556c94d04bb34c6f5c90cf7c4188e04ee298e850b5f11c960fc8e3635cd8976a0a820446bc88349216b367
SSDEEP

3072:Z3wSeEN8bsEe0wwT+KKpiTxWOCz4PLT85:ZAEN8bFwIcIfCzILT8

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1416 wrote to memory of 4276	1416	rundll32.exe	rundll32.exe
PID 1416 wrote to memory of 4276	1416	rundll32.exe	rundll32.exe
PID 1416 wrote to memory of 4276	1416	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\WARZONE RAT 3.03\TyWarzone.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1416

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\WARZONE RAT 3.03\TyWarzone.dll",#1
2⤵
PID:4276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...