warzonerat | 01ba34a39586e99f12eec60eb6cc2b4554e38dbb26257ced2756ab4ac02505da

Analysis

max time kernel
146s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 07:29

Target

25075ad4b08d98b621c831336e72e1e0_NeikiAnalytics.exe
Size

98KB
MD5

25075ad4b08d98b621c831336e72e1e0
SHA1

3eef74d716c47547739905aa9c95fdafa1b13032
SHA256

01ba34a39586e99f12eec60eb6cc2b4554e38dbb26257ced2756ab4ac02505da
SHA512

01b838745c40eeff987b8f75d18075aad0da461d7b4c834e1d17f8d3cd7b8f35957fcc27605ee4fdddffc24555b26393241e5fa7e529c10b3b671e3776d7faaa
SSDEEP

1536:LCsijmb+6BQyusX1UjtA0uWRf/elocms9F1jVEyH:GxD6jSm0uWRfCo5sFjVEI

Score

10^/10

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
rat infostealer warzonerat

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 1716	2512	25075ad4b08d98b621c831336e72e1e0_NeikiAnalytics.exe	28
PID 2512 wrote to memory of 1716	2512	25075ad4b08d98b621c831336e72e1e0_NeikiAnalytics.exe	28
PID 2512 wrote to memory of 1716	2512	25075ad4b08d98b621c831336e72e1e0_NeikiAnalytics.exe	28
PID 2512 wrote to memory of 1716	2512	25075ad4b08d98b621c831336e72e1e0_NeikiAnalytics.exe	28
PID 2512 wrote to memory of 1716	2512	25075ad4b08d98b621c831336e72e1e0_NeikiAnalytics.exe	28
PID 2512 wrote to memory of 1716	2512	25075ad4b08d98b621c831336e72e1e0_NeikiAnalytics.exe	28

C:\Users\Admin\AppData\Local\Temp\25075ad4b08d98b621c831336e72e1e0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\25075ad4b08d98b621c831336e72e1e0_NeikiAnalytics.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:1716

memory/1716-2-0x00000000000B0000-0x00000000000B1000-memory.dmp

Filesize
4KB

Download
memory/1716-0-0x00000000000B0000-0x00000000000B1000-memory.dmp

Filesize
4KB

Download