warzonerat | 01046e01bae27400fbabcdfa85148e0d17a2ef0b94ba1f2a1fd2172546603e3a

Analysis

max time kernel
146s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25-05-2024 02:33

Target

846312476e0ae4e5dea7dabb3fe9f910_NeikiAnalytics.exe
Size

98KB
MD5

846312476e0ae4e5dea7dabb3fe9f910
SHA1

6545b7799803a58c0aa2e42a3d0ac447e2060fed
SHA256

01046e01bae27400fbabcdfa85148e0d17a2ef0b94ba1f2a1fd2172546603e3a
SHA512

eab296e448cf2d7cc926c22e738902393859bb61838e08e845c3759f92e0791cf87c83b4c65a245c8bdbf6667ae9d47a6e2658bc74e4442c2e536a53f07a7a13
SSDEEP

1536:LCsijmb+6BQyusX1UjtA0uWRf/eloco9F1jVEyt:GxD6jSm0uWRfCobFjVES

Score

10^/10

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
rat infostealer warzonerat

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

846312476e0ae4e5dea7dabb3fe9f910_NeikiAnalytics.exe

description	pid	process	target process
PID 2176 wrote to memory of 2204	2176	846312476e0ae4e5dea7dabb3fe9f910_NeikiAnalytics.exe	cmd.exe
PID 2176 wrote to memory of 2204	2176	846312476e0ae4e5dea7dabb3fe9f910_NeikiAnalytics.exe	cmd.exe
PID 2176 wrote to memory of 2204	2176	846312476e0ae4e5dea7dabb3fe9f910_NeikiAnalytics.exe	cmd.exe
PID 2176 wrote to memory of 2204	2176	846312476e0ae4e5dea7dabb3fe9f910_NeikiAnalytics.exe	cmd.exe
PID 2176 wrote to memory of 2204	2176	846312476e0ae4e5dea7dabb3fe9f910_NeikiAnalytics.exe	cmd.exe
PID 2176 wrote to memory of 2204	2176	846312476e0ae4e5dea7dabb3fe9f910_NeikiAnalytics.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\846312476e0ae4e5dea7dabb3fe9f910_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\846312476e0ae4e5dea7dabb3fe9f910_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2176

memory/2204-0-0x00000000000B0000-0x00000000000B1000-memory.dmp

Filesize
4KB

Download
memory/2204-2-0x00000000000B0000-0x00000000000B1000-memory.dmp

Filesize
4KB

Download