warzonerat | 399da3fdd3e45acb6d7befd8cf40def28e8ec925fe239f588ff45648db063f70

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 03:10

Target

591befdd46507aef57931a52efa5c1f0_NeikiAnalytics.exe
Size

98KB
MD5

591befdd46507aef57931a52efa5c1f0
SHA1

ca40698fa44eacec37a1ac2742ea071d16a262d2
SHA256

399da3fdd3e45acb6d7befd8cf40def28e8ec925fe239f588ff45648db063f70
SHA512

6d873d9a2dcf351f910a3b96dcaf52940f3be720002cc2cafb0578cad5d37e83b031e1b7e8d87f763b4bf9946e98cad5d79196b4c10cc4c34f0caaa0c6343e4a
SSDEEP

1536:LCsijmb+6BQyusX1UjtA0uWRf/eloc99F1jVEyf:GxD6jSm0uWRfCo+FjVEw

Score

10^/10

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
rat infostealer warzonerat

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

591befdd46507aef57931a52efa5c1f0_NeikiAnalytics.exe

description	pid	process	target process
PID 4684 wrote to memory of 3668	4684	591befdd46507aef57931a52efa5c1f0_NeikiAnalytics.exe	cmd.exe
PID 4684 wrote to memory of 3668	4684	591befdd46507aef57931a52efa5c1f0_NeikiAnalytics.exe	cmd.exe
PID 4684 wrote to memory of 3668	4684	591befdd46507aef57931a52efa5c1f0_NeikiAnalytics.exe	cmd.exe
PID 4684 wrote to memory of 3668	4684	591befdd46507aef57931a52efa5c1f0_NeikiAnalytics.exe	cmd.exe
PID 4684 wrote to memory of 3668	4684	591befdd46507aef57931a52efa5c1f0_NeikiAnalytics.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\591befdd46507aef57931a52efa5c1f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\591befdd46507aef57931a52efa5c1f0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4684

memory/3668-0-0x0000000000FA0000-0x0000000000FA1000-memory.dmp

Filesize
4KB

Download