File name:

JRAT-v5 [Cracked].rar

Full analysis: https://app.any.run/tasks/0a3c50db-3b32-44fc-a216-9afb7a489140
Verdict: Malicious activity
Analysis date: December 01, 2019, 10:25:49
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5:

9AF69B1ECA1F2ADFE0CD3D1C18A99C13

SHA1:

9CC6EE1CEBC940A1F980D2DE14BBB1E3C05FF73B

SHA256:

600A8AE0B72522092220C54CF8776EDEF0E05563686CAADA0E8BF97C0E906824

SSDEEP:

98304:I5tEd4baQPwTfUcv0TNnZ+7nZCm3qwnab/gSYS2B2YJxGODqJ:5dIQfunCnU58a8Aq3xGO2J

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2204)
    • Creates files in the user directory

      • java.exe (PID: 820)
  • INFO

    • Manual execution by user

      • cmd.exe (PID: 2188)
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

CompressedSize: 404
UncompressedSize: 6148
OperatingSystem: Win32
ModifyDate: 2015:05:04 21:52:12
PackingMethod: Best Compression
ArchivedFileName: Jrat-v 5 [Cracked]\Jrat-v 5 [Cracked]\jrat-v5\.DS_Store
Total processes: 41
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 0

Behavior graph

Process chain (as drawn in the graph; details in the process information below):
  explorer.exe -> winrar.exe (PID 2204)
  explorer.exe -> cmd.exe (PID 2188, no specs) -> java.exe (PID 820)

Process information

PID: 820
CMD: java -jar Controller.jar
Path: C:\ProgramData\Oracle\Java\javapath\java.exe
Parent process: cmd.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
1
Version:
8.0.920.14
Modules
Images
c:\program files\java\jre1.8.0_92\bin\java.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 2188
CMD: cmd /c ""C:\Users\admin\Desktop\jrat-v5\launch_win.bat" "
Path: C:\Windows\system32\cmd.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 2204
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\JRAT-v5 [Cracked].rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events: 445
Read events: 433
Write events: 12
Delete events: 0

Modification events

All ten registry writes are by WinRAR.exe (PID 2204) and are WinRAR UI and MRU state (the ArcHistory entry records the path of the opened archive); no Run keys, services or other persistence locations are touched.

Key | Name | Value
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | (empty)
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | (empty)
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E | LanguageList | en-US
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\JRAT-v5 [Cracked].rar
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100
HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E | @C:\Windows\System32\acppage.dll,-6002 | Windows Batch File
HKEY_CURRENT_USER\Software\WinRAR\Interface | ShowPassword | 0
Executable files: 6
Suspicious files: 7
Text files: 62
Unknown types: 2

Dropped files

All listed files were dropped by WinRAR.exe (PID 2204) under
C:\Users\admin\AppData\Local\Temp\Rar$DRb2204.48212\Jrat-v 5 [Cracked]\Jrat-v 5 [Cracked]\jrat-v5\

.DS_Store (type: ds_store)
  MD5:
  SHA256:
files\help\Building\Allowed OS.txt (type: text)
  MD5: 0FA22E14F8AC90F0D5325F4342B1D3D5
  SHA256: 421B4EA52CBD991B9F7574E1BB88154AECFFAEDF7F5D38588D80A2A63391ACE4
files\help\Building\Final.txt (type: text)
  MD5: 79CF1C4E71D0F41F9F3FBC9F062A7654
  SHA256: 63B3328A95B3599862AA41F18F05F0016D45ADEB2577188F9388531C3F812BF1
Controller.jar (type: java)
  MD5: 89FF401BC7177F8AB99DA16D6C8DEAF7
  SHA256: 23B3FDA87490614383CD0D9A543E18541AF7A384B2CBC7606690A986F20493F5
files\help\Building\General.txt (type: text)
  MD5: 54B6EDF8B2345DE71014858BEE3CA5D6
  SHA256: A37C343E044D73AB75A878875F37ADCC812B32C22376359B6018182748C724A3
files\domains.txt (type: text)
  MD5: 3B67CA6E35C6FCB4F76EE630A1622D9B
  SHA256: 3BF11C79B63FCF7515B4063DC14615776B6466ED0FCBA85E8E8F23FE4FA1951A
files\help\Building\Delay.txt (type: text)
  MD5: 4A4D440517C00D9B33BECE5827C3CE7F
  SHA256: FF7541522DD783661E0564A2A9C81A20D4BD1602BD2A3BBA1531552BD1D189FB
files\help\Building\Host File.txt (type: text)
  MD5: C5F588596FF98E3AA5A4F182D19E8B56
  SHA256: 545A1D88BA9F91C154000A0EFD30F7D8F579767F42D4F8638836F5237B728023
files\help\Building\Mutex.txt (type: text)
  MD5: 001FA3A1359E974ABFDE02B8E2A49637
  SHA256: D521D8D4BA2183A2844931267A7BA8DA84B2A18A1F5A6604F3664D65DA898B2A
files\help\Building\Network.txt (type: text)
  MD5: 5473A00B8CE59F907CBDD3860D765F50
  SHA256: B7AAFCFDC9AB74D1D7CBF07580F7E6406C9A982A106784097E4165C607FD543B
HTTP(S) requests: 0
TCP/UDP connections: 3
DNS requests: 2
Threats: 2

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
820 | java.exe | 140.82.56.237:443 | jrat.se | (not listed) | US | malicious
820 | java.exe | 94.140.116.29:443 | jrat.io | Makonix SIA | LV | unknown

DNS requests

Domain | IP | Reputation
jrat.se | 140.82.56.237 | malicious
jrat.io | 94.140.116.29 | malicious

Threats

PID | Process | Class | Message
820 | java.exe | Generic Protocol Command Decode | SURICATA Applayer Mismatch protocol both directions
820 | java.exe | Generic Protocol Command Decode | SURICATA Applayer Mismatch protocol both directions
No debug info
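The report's actionable indicators are the process chain (explorer.exe -> cmd.exe running launch_win.bat -> java -jar Controller.jar), the SHA256 of the dropped Controller.jar, and the two C2 hosts jrat.se / jrat.io on port 443. The two Suricata hits are generic protocol-decode anomalies (the app-layer protocol detected in one direction of the flow differed from the other), not jRAT-specific signatures, so the domains and IPs are what a detection should key on. The following Python is an added triage example and not part of the ANY.RUN report: the IOC values are copied from the tables above, while the Sysmon-style field names and the sample events at the bottom are constructed for the example. The jar-launch pattern generalises the report's single launch to any java/javaw started with -jar and is a hunting query rather than a high-confidence signature.

```python
"""Triage checks built from the indicators in the ANY.RUN report above.

Added example, not part of the report: it takes the process chain
(cmd.exe -> java -jar Controller.jar), the SHA256 of the dropped Controller.jar
and the C2 domains/IPs from the tables and runs them over Sysmon-style events.
IOC values are copied from the report; field names and sample events are
constructed for the example. Nothing is resolved or fetched at run time.
"""
import re

# Indicators copied from the report.
CONTROLLER_JAR_SHA256 = "23B3FDA87490614383CD0D9A543E18541AF7A384B2CBC7606690A986F20493F5"
IOC_SHA256 = {CONTROLLER_JAR_SHA256.lower(): "Controller.jar (jRAT controller)"}
IOC_DOMAINS = {"jrat.se", "jrat.io"}
IOC_IPS = {"140.82.56.237", "94.140.116.29"}

# Generalisation of the report's launch: java or javaw started with -jar.
# A hunting pattern, not a high-confidence signature; build scripts do this too.
JAR_LAUNCH = re.compile(r'(?i)\bjavaw?(?:\.exe)?"?\s+(?:\S+\s+)*?-jar\s')


def parse_sysmon_hashes(field):
    """Split a Sysmon 'Hashes' field ('SHA256=...,MD5=...') into {algo: lowercase hex}."""
    hashes = {}
    for part in field.split(","):
        algo, sep, digest = part.partition("=")
        if sep:
            hashes[algo.strip().upper()] = digest.strip().lower()
    return hashes


def domain_matches(name, iocs):
    """True if name equals an IOC domain or is a subdomain of one (trailing dot tolerated)."""
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in iocs)


def check_event(event):
    """Return the reasons (possibly none) why one event matches the report's indicators."""
    reasons = []
    kind = event.get("type")
    if kind == "process":
        parent = event.get("ParentImage", "").lower()
        cmd = event.get("CommandLine", "")
        if parent.endswith("\\cmd.exe") and JAR_LAUNCH.search(cmd):
            reasons.append("cmd.exe launched a jar: " + cmd)
        # Sysmon process-create hashes the image (java.exe), not the jar argument,
        # so the jar itself is only caught by the file branch below.
        sha = parse_sysmon_hashes(event.get("Hashes", "")).get("SHA256")
        if sha in IOC_SHA256:
            reasons.append("image hash matches " + IOC_SHA256[sha])
    elif kind == "file":
        sha = event.get("SHA256", "").lower()
        if sha in IOC_SHA256:
            reasons.append(event.get("Path", "?") + " has the SHA256 of " + IOC_SHA256[sha])
    elif kind == "dns":
        name = event.get("QueryName", "")
        if domain_matches(name, IOC_DOMAINS):
            reasons.append("DNS query for C2 domain " + name)
    elif kind == "network":
        ip = event.get("DestinationIp", "")
        if ip in IOC_IPS:
            reasons.append("connection to C2 address %s:%s" % (ip, event.get("DestinationPort")))
    return reasons


def triage(events):
    """Run every event through check_event; return [(event index, reason), ...]."""
    return [(i, r) for i, ev in enumerate(events) for r in check_event(ev)]


# Constructed sample events (Sysmon-like field names); not taken from the report.
SAMPLE_EVENTS = [
    {"type": "process", "Image": r"C:\Program Files\Java\jre1.8.0_92\bin\java.exe",
     "ParentImage": r"C:\Windows\system32\cmd.exe",
     "CommandLine": "java -jar Controller.jar",
     "Hashes": "SHA256=" + "0" * 64},
    {"type": "process", "Image": r"C:\Windows\system32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'cmd /c ""C:\Users\admin\Desktop\jrat-v5\launch_win.bat" "'},
    {"type": "file", "Path": r"C:\Users\admin\Desktop\jrat-v5\Controller.jar",
     "SHA256": CONTROLLER_JAR_SHA256},
    {"type": "dns", "QueryName": "jrat.se"},
    {"type": "dns", "QueryName": "www.example.com"},
    {"type": "network", "DestinationIp": "94.140.116.29", "DestinationPort": 443},
]

if __name__ == "__main__":
    for index, reason in triage(SAMPLE_EVENTS):
        print("event %d: %s" % (index, reason))
```

Running the block flags four of the six constructed events: the java launch from cmd.exe, the file whose SHA256 is the dropped Controller.jar, the jrat.se lookup and the connection to 94.140.116.29. The cmd.exe event itself is not flagged because the batch file path is not an indicator in this report, only the chain it produces.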