warzonerat | 67c0da96b012c038dc23821ced5f7782bfb1dec07f141b57663b3292e1f0310a

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 22:37

Target

67c0da96b012c038dc23821ced5f7782bfb1dec07f141b57663b3292e1f0310a.exe
Size

98KB
MD5

54e04400aa9962971144bf93df00d773
SHA1

9a189fdc4175a1a72b4e408036372eb006323a40
SHA256

67c0da96b012c038dc23821ced5f7782bfb1dec07f141b57663b3292e1f0310a
SHA512

bd76f92829cbf900bcab5f7bd05870322158fd00711b314f67a9d63ee90b6adc8af1010898e3728025ed5d2361a1cd77ec276cc141c6b7b4f0af77a7049ef3b6
SSDEEP

1536:b60eDNKgTAgkw+BMrtU4FxW5Ake5is1jVEyM:Ol3ThS4FxeAxRjVED

Score

10^/10

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
rat infostealer warzonerat

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

67c0da96b012c038dc23821ced5f7782bfb1dec07f141b57663b3292e1f0310a.exe

description	pid	process	target process
PID 220 wrote to memory of 4952	220	67c0da96b012c038dc23821ced5f7782bfb1dec07f141b57663b3292e1f0310a.exe	cmd.exe
PID 220 wrote to memory of 4952	220	67c0da96b012c038dc23821ced5f7782bfb1dec07f141b57663b3292e1f0310a.exe	cmd.exe
PID 220 wrote to memory of 4952	220	67c0da96b012c038dc23821ced5f7782bfb1dec07f141b57663b3292e1f0310a.exe	cmd.exe
PID 220 wrote to memory of 4952	220	67c0da96b012c038dc23821ced5f7782bfb1dec07f141b57663b3292e1f0310a.exe	cmd.exe
PID 220 wrote to memory of 4952	220	67c0da96b012c038dc23821ced5f7782bfb1dec07f141b57663b3292e1f0310a.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\67c0da96b012c038dc23821ced5f7782bfb1dec07f141b57663b3292e1f0310a.exe
"C:\Users\Admin\AppData\Local\Temp\67c0da96b012c038dc23821ced5f7782bfb1dec07f141b57663b3292e1f0310a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:220

memory/4952-0-0x0000000000EA0000-0x0000000000EA1000-memory.dmp

Filesize
4KB

Download