warzonerat | c8c1880838e956c4743c7b5fbb0b735372bd6f09bacb2b275afe030b685d5cf3

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24-05-2024 03:13

Target

c8c1880838e956c4743c7b5fbb0b735372bd6f09bacb2b275afe030b685d5cf3.exe
Size

98KB
MD5

69e1ac07c6a053f962d14fc3c47683bb
SHA1

679963e67fcb7026d814ed1771a918f83ee1058c
SHA256

c8c1880838e956c4743c7b5fbb0b735372bd6f09bacb2b275afe030b685d5cf3
SHA512

12e2d2aed8b3872601a766acd94e70afda16a55e5a5ae31fed28c10d179b4c52e7cd4d31f29af3291220af170805dfdbac0216e3db4b8aeaa1c028fb5450f0e5
SSDEEP

1536:LCsijmb+6BQyusX1UjtA0uWRf/eloc7H9F1jVEyv:GxD6jSm0uWRfCoeHFjVEI

Score

10^/10

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
rat infostealer warzonerat

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

c8c1880838e956c4743c7b5fbb0b735372bd6f09bacb2b275afe030b685d5cf3.exe

description	pid	process	target process
PID 2920 wrote to memory of 1156	2920	c8c1880838e956c4743c7b5fbb0b735372bd6f09bacb2b275afe030b685d5cf3.exe	cmd.exe
PID 2920 wrote to memory of 1156	2920	c8c1880838e956c4743c7b5fbb0b735372bd6f09bacb2b275afe030b685d5cf3.exe	cmd.exe
PID 2920 wrote to memory of 1156	2920	c8c1880838e956c4743c7b5fbb0b735372bd6f09bacb2b275afe030b685d5cf3.exe	cmd.exe
PID 2920 wrote to memory of 1156	2920	c8c1880838e956c4743c7b5fbb0b735372bd6f09bacb2b275afe030b685d5cf3.exe	cmd.exe
PID 2920 wrote to memory of 1156	2920	c8c1880838e956c4743c7b5fbb0b735372bd6f09bacb2b275afe030b685d5cf3.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\c8c1880838e956c4743c7b5fbb0b735372bd6f09bacb2b275afe030b685d5cf3.exe
"C:\Users\Admin\AppData\Local\Temp\c8c1880838e956c4743c7b5fbb0b735372bd6f09bacb2b275afe030b685d5cf3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2920

memory/1156-0-0x0000000001300000-0x0000000001301000-memory.dmp

Filesize
4KB

Download