Overview

overview

10

Static

static

3

b1b3a3b2ff...31.exe

windows7-x64

10

b1b3a3b2ff...31.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    5s
  • max time network
    0s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    27/03/2025, 20:35 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b1b3a3b2ff01c33585d2fa3eadd78741af5b421e7463450e348401be175f0a31.exe

  • Size

    312KB

  • MD5

    2496c32182f058193c695bf5a21d6ced

  • SHA1

    8c4cd680dcfcd6a798d035351c26217098b5f9fd

  • SHA256

    b1b3a3b2ff01c33585d2fa3eadd78741af5b421e7463450e348401be175f0a31

  • SHA512

    098f5866a222a71239886afcbcfa092d69bc04bfd33eb0a55d8a64b574dbb7296fcfae61d680285bb19b5f16a29b7c0efe99496658e2cde7937ec8822e5c49a0

  • SSDEEP

    6144:Kp5mfHHx9QFeYj/jzT+Nbbeoq2aIcEo/hLrBRfQ+8sCVKZubm8J9R7x6uQoErG:OqnxqEYj/fkaoq2aIcEwhL9Rr8sCVGG3

Score
10/10
warzoneratdiscoveryinfostealerpersistencerat

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat
  • Warzonerat family
    warzonerat
  • Drops startup file 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • NTFS ADS 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b1b3a3b2ff01c33585d2fa3eadd78741af5b421e7463450e348401be175f0a31.exe
    "C:\Users\Admin\AppData\Local\Temp\b1b3a3b2ff01c33585d2fa3eadd78741af5b421e7463450e348401be175f0a31.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops startup file
    • System Location Discovery: System Language Discovery
    • NTFS ADS
    • Suspicious use of AdjustPrivilegeToken
    PID:2088

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2088-0-0x0000000074621000-0x0000000074622000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2088-1-0x0000000074620000-0x0000000074BCB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2088-2-0x0000000074620000-0x0000000074BCB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2088-5-0x0000000074620000-0x0000000074BCB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2088-6-0x0000000074620000-0x0000000074BCB000-memory.dmp

    Filesize

    5.7MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.