7c4f34556d1064cbe1889b7d6567b6f8baccaa9d33c18b18f7a2dfb0458484d1

Analysis

max time kernel
133s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
26-03-2023 23:12

Target

WARZONE RAT 3.03/Datas/rdpwrap32.dll
Size

107KB
MD5

f5c6a32ee3bd88ae44c0c0dfae950cf0
SHA1

ccf368347092d2fdbbe53448378133a1adb7e762
SHA256

b9828995474f7e6a6b5c160e5160c5ff49495654a5b89654b6a0f9b8664f82fc
SHA512

c9ceb02a6f9235c9d26856987c18a66cc0abf6c3a1d580fef078cd98cade3fc54d5b76de9cb0ab4e3c048722dd258c2718b617b6efa35ae2fe7dfb4ecfa71c8e
SSDEEP

1536:rU2oADiIgmzJEHxstEua3iDFurHEYpQa5CaU/cIxpi4rHdvSFDEX7p9:rU2oADmsTayDERzCaKcaQadvEA9

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2120 wrote to memory of 644	2120	rundll32.exe	rundll32.exe
PID 2120 wrote to memory of 644	2120	rundll32.exe	rundll32.exe
PID 2120 wrote to memory of 644	2120	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\WARZONE RAT 3.03\Datas\rdpwrap32.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2120

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\WARZONE RAT 3.03\Datas\rdpwrap32.dll",#1
2⤵
PID:644

memory/644-133-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download