Overview

overview

10

Static

static

10

WARZONE RA...er.dll

windows7-x64

3

WARZONE RA...er.dll

windows10-2004-x64

3

WARZONE RA...er.exe

windows7-x64

3

WARZONE RA...er.exe

windows10-2004-x64

3

WARZONE RA...ox.dll

windows7-x64

3

WARZONE RA...ox.dll

windows10-2004-x64

3

WARZONE RA...32.dll

windows7-x64

3

WARZONE RA...32.dll

windows10-2004-x64

3

WARZONE RA...64.dll

windows7-x64

1

WARZONE RA...64.dll

windows10-2004-x64

1

WARZONE RA...er.exe

windows7-x64

3

WARZONE RA...er.exe

windows10-2004-x64

3

WARZONE RA...np.exe

windows7-x64

8

WARZONE RA...np.exe

windows10-2004-x64

8

WARZONE RA...er.exe

windows7-x64

3

WARZONE RA...er.exe

windows10-2004-x64

3

WARZONE RA...se.dll

windows7-x64

3

WARZONE RA...se.dll

windows10-2004-x64

3

WARZONE RA...in.dll

windows7-x64

1

WARZONE RA...in.dll

windows10-2004-x64

1

WARZONE RA...ls.dll

windows7-x64

1

WARZONE RA...ls.dll

windows10-2004-x64

1

WARZONE RA...ne.dll

windows7-x64

3

WARZONE RA...ne.dll

windows10-2004-x64

3

WARZONE RA....0.exe

windows7-x64

3

WARZONE RA....0.exe

windows10-2004-x64

3

WARZONE RA...ed.exe

windows7-x64

9

WARZONE RA...ed.exe

windows10-2004-x64

9

WARZONE RA...nt.exe

windows7-x64

3

WARZONE RA...nt.exe

windows10-2004-x64

3

WARZONE RA...td.dll

windows7-x64

3

WARZONE RA...td.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    28-01-2025 00:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WARZONE RAT 3.03/cratclientd.dll

  • Size

    132KB

  • MD5

    f6dbe80a1b68a734c92375fbbcf4be88

  • SHA1

    cd6a7b57812c891f75e3a40c8f925ef5be48bade

  • SHA256

    d364fe03510f34c22e8b5d25784ba80decae568bd939db66e4cd8b90538d60be

  • SHA512

    59abbb522f6a4f442601190f901846ff7b57e041a25773ea0b7ec03011c2d207bb8e609443dd1a74ad0a13a4e5bef043c584b0da882a5d6619d05871015230e8

  • SSDEEP

    3072:Z3wSeEN8bsEe0wwT+KKpiTxW7Cz4PLT85:ZAEN8bFwIcIqCzILT8

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\WARZONE RAT 3.03\cratclientd.dll",#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\WARZONE RAT 3.03\cratclientd.dll",#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2908
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 592
        3⤵
        • Program crash
        PID:3032

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads