Overview

overview

10

Static

static

10

PTIN_REPORT_PDF.jar

windows7_x64

1

PTIN_REPORT_PDF.jar

windows10_x64

10

Analysis

  • max time kernel
    122s
  • max time network
    153s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    12-01-2022 12:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PTIN_REPORT_PDF.jar

  • Size

    762KB

  • MD5

    9b44489684b9ef4df0b970dffa380633

  • SHA1

    48cd4e922f8d7f322882e0b60c042eadb9129730

  • SHA256

    c90b1e65448a622b814946ba136152c0eb47187e477f4c8b0fd61a234d9b5b8e

  • SHA512

    3ee12621496e441e38ed94fc9421544942307b2b07882481c52d1618031ee6e4f65ea0e71205d02ad635855b9e9eafcccef0a7e1a5ebaa7e17d1c6c511a9c650

Score
10/10
rattypersistencerattrojan

Malware Config

Signatures

  • Ratty

    Ratty is an open source Java Remote Access Tool.

    trojanratratty
  • Ratty Rat Payload 1 IoCs
  • Drops startup file 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Modifies registry class 2 IoCs
  • Modifies registry key 1 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
  • Views/modifies file attributes 1 TTPs 2 IoCs
    evasion

Processes

  • C:\ProgramData\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\PTIN_REPORT_PDF.jar
    1⤵
    • Drops startup file
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2384
    • C:\Windows\SYSTEM32\REG.exe
      REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "PTIN_REPORT_PDF.jar" /d "C:\Users\Admin\AppData\Roaming\PTIN_REPORT_PDF.jar" /f
      2⤵
      • Adds Run key to start application
      • Modifies registry key
      PID:3912
    • C:\Windows\SYSTEM32\attrib.exe
      attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PTIN_REPORT_PDF.jar
      2⤵
      • Views/modifies file attributes
      PID:1344
    • C:\Windows\SYSTEM32\attrib.exe
      attrib +H C:\Users\Admin\AppData\Roaming\PTIN_REPORT_PDF.jar
      2⤵
      • Views/modifies file attributes
      PID:776

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2384-145-0x0000000000E30000-0x0000000000E31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2384-152-0x0000000000E30000-0x0000000000E31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2384-117-0x0000000000E30000-0x0000000000E31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2384-124-0x0000000000E30000-0x0000000000E31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2384-116-0x0000000002DE0000-0x0000000003050000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/2384-131-0x0000000000E30000-0x0000000000E31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2384-136-0x0000000000E30000-0x0000000000E31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2384-139-0x0000000000E30000-0x0000000000E31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2384-115-0x0000000002DE0000-0x0000000003050000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/2384-147-0x0000000000E30000-0x0000000000E31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2384-151-0x0000000000E30000-0x0000000000E31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2384-193-0x0000000003080000-0x0000000003090000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2384-154-0x0000000000E30000-0x0000000000E31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2384-155-0x0000000000E30000-0x0000000000E31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2384-156-0x0000000000E30000-0x0000000000E31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2384-157-0x0000000003050000-0x0000000003060000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2384-159-0x0000000000E30000-0x0000000000E31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2384-158-0x0000000003060000-0x0000000003070000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2384-161-0x0000000000E30000-0x0000000000E31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2384-171-0x0000000003070000-0x0000000003080000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2384-185-0x0000000000E30000-0x0000000000E31000-memory.dmp

    Filesize

    4KB

    Download