Overview

overview

10

Static

static

10

Ratka.exe

windows7-x64

8

Ratka.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/06/2024, 06:09

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Ratka.exe

  • Size

    37KB

  • MD5

    f82ab1b6c91dbfc8a1fc643f3c10922b

  • SHA1

    5088dc1515bf6cedfbea693bdf0d897e25345775

  • SHA256

    3ba782f1ddf9b091232171b072b30dd145090d02cbb16f6ed816e14e35885285

  • SHA512

    def496bca5a0cc7957d726d02409372885292690618ae5a13c44e6921fb7de72e5ec8e1855a2cb1de9d4cc1d77be01f3e7d65889b17bf41f00cea12d6b6f805e

  • SSDEEP

    384:VmOq0IiejvCVLO309QmykrtG+dA+Vd7wvOSiKrAF+rMRTyN/0L+EcoinblneHQMi:XLdGdkrgYH7wWS9rM+rMRa8Nu9+Ot

Score
8/10
evasion

Malware Config

Signatures

  • Modifies Windows Firewall 2 TTPs 1 IoCs
    evasion
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 37 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Ratka.exe
    "C:\Users\Admin\AppData\Local\Temp\Ratka.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4440
    • C:\Windows\SysWOW64\netsh.exe
      netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\Ratka.exe" "Ratka.exe" ENABLE
      2⤵
      • Modifies Windows Firewall
      PID:4876

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/4440-0-0x0000000075092000-0x0000000075093000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4440-1-0x0000000075090000-0x0000000075641000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/4440-2-0x0000000075090000-0x0000000075641000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/4440-3-0x0000000075092000-0x0000000075093000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4440-4-0x0000000075090000-0x0000000075641000-memory.dmp

          Filesize

          5.7MB

          Download