Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

[RU]DESKTO...ip.jar

windows7-x64

1

[RU]DESKTO...ip.jar

windows7-x64

1

[RU]DESKTO...ip.jar

windows10-1703-x64

10

[RU]DESKTO...ip.jar

windows10-2004-x64

10

[RU]DESKTO...ip.jar

windows11-21h2-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    10/10/2024, 02:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    [RU]DESKTOP-33B9CHF@V#eff870d155ad9996e86173d19c2373fd3cea5780.zip.jar

  • Size

    332KB

  • MD5

    c6f19bd285ac0c699435b607a163bedd

  • SHA1

    959fd4aa99f9550359eeccf5770565fb0503104d

  • SHA256

    21810e5c5329762599cdb396feba7c560e42808f11d7eda6ea8afcc0d3d1cd1d

  • SHA512

    96be9a0c64c27cca97b690e9b8e07db114271b7888b4acacf8aed0a89750ab6fd967e48cd277abe3e359726af1f094e8c33b6b4e0b4b5561559189e8577ca708

  • SSDEEP

    6144:JZjgS007NNMX/+DoklCAFNWClCA+jp02GmaZ/ZJSEPavLFjt+Ww:JZNNNzbCClCA+jp02GmWhJnav5jUj

Score
10/10
rattypersistencerattrojan

Malware Config

Signatures

  • Ratty

    Ratty is an open source Java Remote Access Tool.

    trojanratratty
  • Ratty Rat payload 1 IoCs
  • Drops startup file 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Modifies registry class 2 IoCs
  • Modifies registry key 1 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
  • Views/modifies file attributes 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\[RU]DESKTOP-33B9CHF@V#eff870d155ad9996e86173d19c2373fd3cea5780.zip.jar
    1⤵
    • Drops startup file
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:692
    • C:\Windows\SYSTEM32\REG.exe
      REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "[RU]DESKTOP-33B9CHF@V#eff870d155ad9996e86173d19c2373fd3cea5780.zip.jar" /d "C:\Users\Admin\AppData\Roaming\[RU]DESKTOP-33B9CHF@V#eff870d155ad9996e86173d19c2373fd3cea5780.zip.jar" /f
      2⤵
      • Adds Run key to start application
      • Modifies registry key
      PID:4768
    • C:\Windows\SYSTEM32\attrib.exe
      attrib +H C:\Users\Admin\AppData\Roaming\[RU]DESKTOP-33B9CHF@V#eff870d155ad9996e86173d19c2373fd3cea5780.zip.jar
      2⤵
      • Views/modifies file attributes
      PID:4292
    • C:\Windows\SYSTEM32\attrib.exe
      attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\[RU]DESKTOP-33B9CHF@V#eff870d155ad9996e86173d19c2373fd3cea5780.zip.jar
      2⤵
      • Views/modifies file attributes
      PID:3476

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\JNativeHook-7432773EB4D09DC286D43FCC77DDB0E1E3BCE2B4.dll
    Filesize

    83KB

    MD5

    55f4de7f270663b3dc712b8c9eed422a

    SHA1

    7432773eb4d09dc286d43fcc77ddb0e1e3bce2b4

    SHA256

    47c2871dff8948de40424df497962ea6167c56bd4d487dd2e660aa2837485e25

    SHA512

    9da5efb0236b3bb4ec72d07bfd70a9e3f373df95d97c825513babd43d2b91c8669e28f3464173e789dad092ea48fc8d32a9d11a6d5c8d9beeabd33860ce6a996

    Download Submit

  • C:\Users\Admin\AppData\Roaming\[RU]DESKTOP-33B9CHF@V#eff870d155ad9996e86173d19c2373fd3cea5780.zip.jar
    Filesize

    332KB

    MD5

    c6f19bd285ac0c699435b607a163bedd

    SHA1

    959fd4aa99f9550359eeccf5770565fb0503104d

    SHA256

    21810e5c5329762599cdb396feba7c560e42808f11d7eda6ea8afcc0d3d1cd1d

    SHA512

    96be9a0c64c27cca97b690e9b8e07db114271b7888b4acacf8aed0a89750ab6fd967e48cd277abe3e359726af1f094e8c33b6b4e0b4b5561559189e8577ca708

    Download Submit

  • memory/692-51-0x0000010D85BF0000-0x0000010D85E60000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/692-73-0x0000010D85E60000-0x0000010D85E70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/692-11-0x0000010D84330000-0x0000010D84331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/692-31-0x0000010D85E60000-0x0000010D85E70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/692-33-0x0000010D85E70000-0x0000010D85E80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/692-34-0x0000010D84330000-0x0000010D84331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/692-41-0x0000010D85E90000-0x0000010D85EA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/692-40-0x0000010D85E80000-0x0000010D85E90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/692-39-0x0000010D84330000-0x0000010D84331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/692-43-0x0000010D85EA0000-0x0000010D85EB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/692-48-0x0000010D85EB0000-0x0000010D85EC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/692-49-0x0000010D84330000-0x0000010D84331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/692-18-0x0000010D84330000-0x0000010D84331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/692-2-0x0000010D85BF0000-0x0000010D85E60000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/692-57-0x0000010D85EA0000-0x0000010D85EB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/692-54-0x0000010D85E80000-0x0000010D85E90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/692-55-0x0000010D85E90000-0x0000010D85EA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/692-56-0x0000000065E40000-0x0000000065E55000-memory.dmp

    Filesize

    84KB

    Download

  • memory/692-53-0x0000010D85E70000-0x0000010D85E80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/692-58-0x0000010D85EB0000-0x0000010D85EC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/692-71-0x0000000065E40000-0x0000000065E55000-memory.dmp

    Filesize

    84KB

    Download

  • memory/692-72-0x0000010D85BF0000-0x0000010D85E60000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/692-52-0x0000010D85E60000-0x0000010D85E70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/692-76-0x0000010D85EB0000-0x0000010D85EC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/692-75-0x0000010D85EA0000-0x0000010D85EB0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/692-74-0x0000010D85E90000-0x0000010D85EA0000-memory.dmp

    Filesize

    64KB

    Download