Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    29-01-2022 13:16

General

  • Target

    de0e3424141dce378c5fec96960afc33db95022e2af32364f9d0a8231fab3e12.js

  • Size

    1.2MB

  • MD5

    4da3d01bcfd88385615dcdb5f575439a

  • SHA1

    6ec617c9885bbcf955dc996000d495a3f991a126

  • SHA256

    de0e3424141dce378c5fec96960afc33db95022e2af32364f9d0a8231fab3e12

  • SHA512

    0870300f7d1d129a7a9df3caa65da44bca76b8f2265a6b48f838c4156919ad19dc2e49e73c9c79a46b94df2892318107525c304a63f41bac7b21f612aad4e8a2

Score
10/10

Malware Config

Signatures

  • Ratty

    Ratty is an open source Java Remote Access Tool.

  • Ratty Rat Payload 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\de0e3424141dce378c5fec96960afc33db95022e2af32364f9d0a8231fab3e12.js
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1776
    • C:\Program Files\Java\jre7\bin\javaw.exe
      "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\lgwtapo.txt"
      2⤵
        PID:1272

Network

MITRE ATT&CK Enterprise v6

Downloads

    • C:\Users\Admin\AppData\Roaming\lgwtapo.txt

      MD5

      a519ad347bd9768b33665555809b7e7f

      SHA1

      fdebe23ffa905e85dfa0322950c2d524c41445da

      SHA256

      22c8f644605caafda3cf3d368de9a4ce4e02f8003866162577ef3c8494cc0a18

      SHA512

      c64ca9b6f3383a371baedcba4db7b85dc492cc5cdac061b0db55f03bdd7831a3b98b874b36d38d9d5b33693c76bf730326b532d17761b76369f3339fedaf73ad

    • memory/1272-69-0x000007FEFC321000-0x000007FEFC323000-memory.dmp

      Filesize

      8KB

    • memory/1272-72-0x0000000002130000-0x0000000005130000-memory.dmp

      Filesize

      48.0MB

    • memory/1272-73-0x0000000000310000-0x0000000000311000-memory.dmp

      Filesize

      4KB