Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/06/2024, 06:09 UTC

General

  • Target

    Ratka.exe

  • Size

    37KB

  • MD5

    f82ab1b6c91dbfc8a1fc643f3c10922b

  • SHA1

    5088dc1515bf6cedfbea693bdf0d897e25345775

  • SHA256

    3ba782f1ddf9b091232171b072b30dd145090d02cbb16f6ed816e14e35885285

  • SHA512

    def496bca5a0cc7957d726d02409372885292690618ae5a13c44e6921fb7de72e5ec8e1855a2cb1de9d4cc1d77be01f3e7d65889b17bf41f00cea12d6b6f805e

  • SSDEEP

    384:VmOq0IiejvCVLO309QmykrtG+dA+Vd7wvOSiKrAF+rMRTyN/0L+EcoinblneHQMi:XLdGdkrgYH7wWS9rM+rMRa8Nu9+Ot

Score
8/10

Malware Config

Signatures

  • Modifies Windows Firewall 2 TTPs 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 37 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Ratka.exe
    "C:\Users\Admin\AppData\Local\Temp\Ratka.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4440
    • C:\Windows\SysWOW64\netsh.exe
      netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\Ratka.exe" "Ratka.exe" ENABLE
      2⤵
      • Modifies Windows Firewall
      PID:4876

Network

  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
  • flag-us
    DNS
    4.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    4.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    186.83.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    186.83.221.88.in-addr.arpa
    IN PTR
    Response
    186.83.221.88.in-addr.arpa
    IN PTR
    a88-221-83-186.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    0.tcp.eu.ngrok.io
    Ratka.exe
    Remote address:
    8.8.8.8:53
    Request
    0.tcp.eu.ngrok.io
    IN A
    Response
    0.tcp.eu.ngrok.io
    IN A
    3.125.223.134
  • flag-us
    DNS
    134.223.125.3.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    134.223.125.3.in-addr.arpa
    IN PTR
    Response
    134.223.125.3.in-addr.arpa
    IN PTR
    ec2-3-125-223-134.eu-central-1.compute.amazonaws.com
  • flag-us
    DNS
    0.tcp.eu.ngrok.io
    Ratka.exe
    Remote address:
    8.8.8.8:53
    Request
    0.tcp.eu.ngrok.io
    IN A
    Response
    0.tcp.eu.ngrok.io
    IN A
    3.125.209.94
  • flag-us
    DNS
    94.209.125.3.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    94.209.125.3.in-addr.arpa
    IN PTR
    Response
    94.209.125.3.in-addr.arpa
    IN PTR
    ec2-3-125-209-94.eu-central-1.compute.amazonaws.com
  • flag-us
    DNS
    0.tcp.eu.ngrok.io
    Ratka.exe
    Remote address:
    8.8.8.8:53
    Request
    0.tcp.eu.ngrok.io
    IN A
    Response
    0.tcp.eu.ngrok.io
    IN A
    18.158.249.75
  • flag-us
    DNS
    75.249.158.18.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    75.249.158.18.in-addr.arpa
    IN PTR
    Response
    75.249.158.18.in-addr.arpa
    IN PTR
    ec2-18-158-249-75.eu-central-1.compute.amazonaws.com
  • flag-us
    DNS
    144.107.17.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    144.107.17.2.in-addr.arpa
    IN PTR
    Response
    144.107.17.2.in-addr.arpa
    IN PTR
    a2-17-107-144.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    0.tcp.eu.ngrok.io
    Ratka.exe
    Remote address:
    8.8.8.8:53
    Request
    0.tcp.eu.ngrok.io
    IN A
    Response
    0.tcp.eu.ngrok.io
    IN A
    3.125.223.134
  • flag-us
    DNS
    209.143.182.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    209.143.182.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    0.tcp.eu.ngrok.io
    Ratka.exe
    Remote address:
    8.8.8.8:53
    Request
    0.tcp.eu.ngrok.io
    IN A
    Response
    0.tcp.eu.ngrok.io
    IN A
    18.158.249.75
  • 88.221.83.186:443
    https://www.bing.com/aes/c.gif?RG=853ca44366ce469e82e3726124393c5f&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T195324Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373
    tls, http2
    1.4kB
    5.3kB
    16
    10

    HTTP Request

    GET https://www.bing.com/aes/c.gif?RG=853ca44366ce469e82e3726124393c5f&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240611T195324Z&adUnitId=11730597&localId=w:57578D22-16C3-05EC-D498-67D03367A2A2&deviceId=6755470482742373

    HTTP Response

    200
  • 3.125.223.134:11331
    0.tcp.eu.ngrok.io
    Ratka.exe
    574 B
    212 B
    6
    5
    (4 consecutive identical connections)
  • 3.125.209.94:11331
    0.tcp.eu.ngrok.io
    Ratka.exe
    574 B
    212 B
    6
    5
    (7 consecutive identical connections)
  • 18.158.249.75:11331
    0.tcp.eu.ngrok.io
    Ratka.exe
    574 B
    212 B
    6
    5
    (14 consecutive identical connections)
  • 18.158.249.75:11331
    0.tcp.eu.ngrok.io
    Ratka.exe
    528 B
    212 B
    5
    5
  • 18.158.249.75:11331
    0.tcp.eu.ngrok.io
    Ratka.exe
    574 B
    212 B
    6
    5
    (13 consecutive identical connections)
  • 3.125.223.134:11331
    0.tcp.eu.ngrok.io
    Ratka.exe
    574 B
    212 B
    6
    5
    (21 consecutive identical connections)
  • 18.158.249.75:11331
    0.tcp.eu.ngrok.io
    Ratka.exe
    574 B
    212 B
    6
    5
    (4 consecutive identical connections)
  • 18.158.249.75:11331
    0.tcp.eu.ngrok.io
    Ratka.exe
    528 B
    172 B
    5
    4
  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    151 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.237
    13.107.21.237

  • 8.8.8.8:53
    4.159.190.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    4.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    88.156.103.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    88.156.103.20.in-addr.arpa

  • 8.8.8.8:53
    186.83.221.88.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    186.83.221.88.in-addr.arpa

  • 8.8.8.8:53
    0.tcp.eu.ngrok.io
    dns
    Ratka.exe
    63 B
    79 B
    1
    1

    DNS Request

    0.tcp.eu.ngrok.io

    DNS Response

    3.125.223.134

  • 8.8.8.8:53
    134.223.125.3.in-addr.arpa
    dns
    72 B
    138 B
    1
    1

    DNS Request

    134.223.125.3.in-addr.arpa

  • 8.8.8.8:53
    0.tcp.eu.ngrok.io
    dns
    Ratka.exe
    63 B
    79 B
    1
    1

    DNS Request

    0.tcp.eu.ngrok.io

    DNS Response

    3.125.209.94

  • 8.8.8.8:53
    94.209.125.3.in-addr.arpa
    dns
    71 B
    136 B
    1
    1

    DNS Request

    94.209.125.3.in-addr.arpa

  • 8.8.8.8:53
    0.tcp.eu.ngrok.io
    dns
    Ratka.exe
    63 B
    79 B
    1
    1

    DNS Request

    0.tcp.eu.ngrok.io

    DNS Response

    18.158.249.75

  • 8.8.8.8:53
    75.249.158.18.in-addr.arpa
    dns
    72 B
    138 B
    1
    1

    DNS Request

    75.249.158.18.in-addr.arpa

  • 8.8.8.8:53
    144.107.17.2.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    144.107.17.2.in-addr.arpa

  • 8.8.8.8:53
    0.tcp.eu.ngrok.io
    dns
    Ratka.exe
    63 B
    79 B
    1
    1

    DNS Request

    0.tcp.eu.ngrok.io

    DNS Response

    3.125.223.134

  • 8.8.8.8:53
    209.143.182.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    209.143.182.52.in-addr.arpa

  • 8.8.8.8:53
    0.tcp.eu.ngrok.io
    dns
    Ratka.exe
    63 B
    79 B
    1
    1

    DNS Request

    0.tcp.eu.ngrok.io

    DNS Response

    18.158.249.75

MITRE ATT&CK Enterprise v15

Downloads

  • memory/4440-0-0x0000000075092000-0x0000000075093000-memory.dmp

    Filesize

    4KB

  • memory/4440-1-0x0000000075090000-0x0000000075641000-memory.dmp

    Filesize

    5.7MB

  • memory/4440-2-0x0000000075090000-0x0000000075641000-memory.dmp

    Filesize

    5.7MB

  • memory/4440-3-0x0000000075092000-0x0000000075093000-memory.dmp

    Filesize

    4KB

  • memory/4440-4-0x0000000075090000-0x0000000075641000-memory.dmp

    Filesize

    5.7MB
