warzonerat | 19d0efbec8dfd2019b9b8aad8f55f47348e8dfe6da7a6f8710cdd4f10a70e626

Analysis

max time kernel
146s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 02:02

Target

4eb4cfca390b5558173a8ae221158510_NeikiAnalytics.exe
Size

98KB
MD5

4eb4cfca390b5558173a8ae221158510
SHA1

c9ff1fe82b2e4b2a27002f084f271f2010b2b9eb
SHA256

19d0efbec8dfd2019b9b8aad8f55f47348e8dfe6da7a6f8710cdd4f10a70e626
SHA512

16ea5044f968187108ec48ddbff667527b1d3d5edc3961c8d245952a2c685dbcdc0ca576ea53793d532bd53dea92721ffc79a8beb6329a1b363904f0a3c83f00
SSDEEP

1536:dcObJoSF+cJuGmqvb9xBwbAG2ukf2J1jVEyW:ea7VDBwbX2LujVEp

Score

10^/10

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
rat infostealer warzonerat

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

4eb4cfca390b5558173a8ae221158510_NeikiAnalytics.exe

description	pid	process	target process
PID 2420 wrote to memory of 2436	2420	4eb4cfca390b5558173a8ae221158510_NeikiAnalytics.exe	cmd.exe
PID 2420 wrote to memory of 2436	2420	4eb4cfca390b5558173a8ae221158510_NeikiAnalytics.exe	cmd.exe
PID 2420 wrote to memory of 2436	2420	4eb4cfca390b5558173a8ae221158510_NeikiAnalytics.exe	cmd.exe
PID 2420 wrote to memory of 2436	2420	4eb4cfca390b5558173a8ae221158510_NeikiAnalytics.exe	cmd.exe
PID 2420 wrote to memory of 2436	2420	4eb4cfca390b5558173a8ae221158510_NeikiAnalytics.exe	cmd.exe
PID 2420 wrote to memory of 2436	2420	4eb4cfca390b5558173a8ae221158510_NeikiAnalytics.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\4eb4cfca390b5558173a8ae221158510_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4eb4cfca390b5558173a8ae221158510_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2420

memory/2436-1-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/2436-0-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download