
Analysis

  • max time kernel
    145s
  • max time network
    153s
  • platform
    ubuntu-20.04_amd64
  • resource
    ubuntu2004-amd64-20240508-en
  • resource tags
    arch:amd64, arch:i386, image:ubuntu2004-amd64-20240508-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system
  • submitted
    09/05/2024, 20:51

General

  • Target

    2ba5d696542a22d833ab4b2abfc658f8_JaffaCakes118

  • Size

    6.9MB

  • MD5

    2ba5d696542a22d833ab4b2abfc658f8

  • SHA1

    3af1f86f96a46c14f6d1f0ac434db893bdd45bb7

  • SHA256

    b41973732cf5c61e2d125b7eae5595763c61b81be0e360fff13db93566e2ba0c

  • SHA512

    1fd0020933dad474c411ca8acc8fbf3008d91ef9db8e6f4cdde62b491dc68f7e938b83dc939b92f6731937ee6781397f45bf4d62f8d412a9a293ae3d4882d85c

  • SSDEEP

    49152:DQuany9LtKnp7/Od3UWqxEW1BOKi8Nu6uuAIhlPebGNtpo/UOdZmanODQmc93LfU:6QLInpRb6Ki80LbylttpU3LfhIujIX

Score
6/10

Malware Config

Signatures

  • Creates/modifies Cron job 1 TTPs 1 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

  • Checks CPU configuration 1 TTPs 2 IoCs

    Checks CPU information which indicates whether the system is a virtual machine.

  • Reads runtime system information 4 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 3 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/2ba5d696542a22d833ab4b2abfc658f8_JaffaCakes118
    /tmp/2ba5d696542a22d833ab4b2abfc658f8_JaffaCakes118
    1⤵
    • Reads runtime system information
    • Writes file to tmp directory
    PID:1414
    • /usr/bin/cat
      cat /proc/version
      2⤵
      • Reads runtime system information
      PID:1419
    • /usr/bin/cat
      cat /proc/cpuinfo
      2⤵
      • Checks CPU configuration
      PID:1420
    • /usr/bin/uname
      uname -a
      2⤵
      PID:1424
    • /usr/bin/getconf
      getconf LONG_BIT
      2⤵
      PID:1425
    • /tmp/2ba5d696542a22d833ab4b2abfc658f8_JaffaCakes118
      "[stealth]"
      2⤵
      • Reads runtime system information
      • Writes file to tmp directory
      PID:1426
      • /usr/bin/cat
        cat /proc/version
        3⤵
        • Reads runtime system information
        PID:1431
      • /usr/bin/cat
        cat /proc/cpuinfo
        3⤵
        • Checks CPU configuration
        PID:1437
      • /usr/bin/uname
        uname -a
        3⤵
        PID:1439
      • /usr/bin/getconf
        getconf LONG_BIT
        3⤵
        PID:1440
      • /usr/bin/crontab
        /usr/bin/crontab /tmp/nip9iNeiph5chee
        3⤵
        • Creates/modifies Cron job
        PID:1441

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /tmp/.pid

    Filesize

    4B

    MD5

    299fb2142d7de959380f91c01c3a293c

    SHA1

    8e3c07a198efa67e51a01f3ab800663a57ea6e50

    SHA256

    2c29bd822988ccf7b83e0baf85cefe1253e718cbe4ee54a119efd998260a85b7

    SHA512

    80905d93da51d3df5af39204c25aa9edfd48ef56a7c857d23c088231d717f8b63e605ff3dab578b75d4dbea0dfd287f9c3de85a2fb5f6d28a0ce13348dbc5212

  • /tmp/nip9iNeiph5chee

    Filesize

    80B

    MD5

    733fd18957568960d049cf884461434b

    SHA1

    a13d101d92286425f8032f4dfde25b3cec01c562

    SHA256

    eb832bae0bd8a092f89e8457eb07378f48f372f9fd9f80bae69d512f514ef961

    SHA512

    814ad3265887d8809354714dfd08c9b67d95399087f6c475d8fdeaca559ebfb98bee76924d518cba5188496c2714fc73953c4f0bdc2457e1c27895be5bc47d3c

  • /var/spool/cron/crontabs/tmp.SnPqD8

    Filesize

    274B

    MD5

    d1ec8b4fe29ce90a537c302ea5672c0c

    SHA1

    c5481073b44f24278f12a5eaf02eb085a356e3c7

    SHA256

    d034034b665dd3b3d91c793ea6c3b5fc432b4b62c1090492f9cb1de07315fd63

    SHA512

    66b242e1728ad903659c8e2f9d41ad949460a0e0ffadfdd016df496d126e56e8dbb6d32cf2fad3941b543fd8f82d622e844b9e64d4f1368d7ed867d969ba7e75