Analysis
max time kernel: 145s
max time network: 153s
platform: ubuntu-20.04_amd64
resource: ubuntu2004-amd64-20240508-en
resource tags: arch:amd64, arch:i386, image:ubuntu2004-amd64-20240508-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system
submitted: 09/05/2024, 20:51
Behavioral task: behavioral1
Sample: 2ba5d696542a22d833ab4b2abfc658f8_JaffaCakes118
Resource: ubuntu2004-amd64-20240508-en
General
Target: 2ba5d696542a22d833ab4b2abfc658f8_JaffaCakes118
Size: 6.9MB
MD5: 2ba5d696542a22d833ab4b2abfc658f8
SHA1: 3af1f86f96a46c14f6d1f0ac434db893bdd45bb7
SHA256: b41973732cf5c61e2d125b7eae5595763c61b81be0e360fff13db93566e2ba0c
SHA512: 1fd0020933dad474c411ca8acc8fbf3008d91ef9db8e6f4cdde62b491dc68f7e938b83dc939b92f6731937ee6781397f45bf4d62f8d412a9a293ae3d4882d85c
SSDEEP: 49152:DQuany9LtKnp7/Od3UWqxEW1BOKi8Nu6uuAIhlPebGNtpo/UOdZmanODQmc93LfU:6QLInpRb6Ki80LbylttpU3LfhIujIX
Malware Config
Signatures

Creates/modifies Cron job (1 TTP, 1 IoC)
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
    File opened for modification: /var/spool/cron/crontabs/tmp.SnPqD8 (process: crontab)

Checks CPU configuration (1 TTP, 2 IoCs)
Checks CPU information, which can indicate whether the system is a virtual machine.
    File opened for reading: /proc/cpuinfo (process: cat)
    File opened for reading: /proc/cpuinfo (process: cat)

Reads runtime system information (4 IoCs)
Reads data from the /proc virtual filesystem.
    File opened for reading: /proc/sys/net/core/somaxconn (process: 2ba5d696542a22d833ab4b2abfc658f8_JaffaCakes118)
    File opened for reading: /proc/version (process: cat)
    File opened for reading: /proc/sys/net/core/somaxconn (process: 2ba5d696542a22d833ab4b2abfc658f8_JaffaCakes118)
    File opened for reading: /proc/version (process: cat)

Writes file to tmp directory (3 IoCs)
Malware often drops required files in the /tmp directory.
    File opened for modification: /tmp/.pid (process: 2ba5d696542a22d833ab4b2abfc658f8_JaffaCakes118)
    File opened for modification: /tmp/nip9iNeiph5chee (process: 2ba5d696542a22d833ab4b2abfc658f8_JaffaCakes118)
    File opened for modification: /tmp/[stealth].pid (process: 2ba5d696542a22d833ab4b2abfc658f8_JaffaCakes118)
Processes (process tree; indentation shows parent/child relationship)

/tmp/2ba5d696542a22d833ab4b2abfc658f8_JaffaCakes118 (PID 1414)
    Command line: /tmp/2ba5d696542a22d833ab4b2abfc658f8_JaffaCakes118
    Signatures: Reads runtime system information; Writes file to tmp directory

    /usr/bin/cat (PID 1419)
        Command line: cat /proc/version
        Signatures: Reads runtime system information

    /usr/bin/cat (PID 1420)
        Command line: cat /proc/cpuinfo
        Signatures: Checks CPU configuration

    /usr/bin/uname (PID 1424)
        Command line: uname -a

    /usr/bin/getconf (PID 1425)
        Command line: getconf LONG_BIT

    /tmp/2ba5d696542a22d833ab4b2abfc658f8_JaffaCakes118 (PID 1426)
        Command line: "[stealth]"
        Signatures: Reads runtime system information; Writes file to tmp directory

        /usr/bin/cat (PID 1431)
            Command line: cat /proc/version
            Signatures: Reads runtime system information

        /usr/bin/cat (PID 1437)
            Command line: cat /proc/cpuinfo
            Signatures: Checks CPU configuration

        /usr/bin/uname (PID 1439)
            Command line: uname -a

        /usr/bin/getconf (PID 1440)
            Command line: getconf LONG_BIT

        /usr/bin/crontab (PID 1441)
            Command line: /usr/bin/crontab /tmp/nip9iNeiph5chee
            Signatures: Creates/modifies Cron job
Network
MITRE ATT&CK Enterprise v15
Downloads

File 1
Filesize: 4B
MD5: 299fb2142d7de959380f91c01c3a293c
SHA1: 8e3c07a198efa67e51a01f3ab800663a57ea6e50
SHA256: 2c29bd822988ccf7b83e0baf85cefe1253e718cbe4ee54a119efd998260a85b7
SHA512: 80905d93da51d3df5af39204c25aa9edfd48ef56a7c857d23c088231d717f8b63e605ff3dab578b75d4dbea0dfd287f9c3de85a2fb5f6d28a0ce13348dbc5212

File 2
Filesize: 80B
MD5: 733fd18957568960d049cf884461434b
SHA1: a13d101d92286425f8032f4dfde25b3cec01c562
SHA256: eb832bae0bd8a092f89e8457eb07378f48f372f9fd9f80bae69d512f514ef961
SHA512: 814ad3265887d8809354714dfd08c9b67d95399087f6c475d8fdeaca559ebfb98bee76924d518cba5188496c2714fc73953c4f0bdc2457e1c27895be5bc47d3c

File 3
Filesize: 274B
MD5: d1ec8b4fe29ce90a537c302ea5672c0c
SHA1: c5481073b44f24278f12a5eaf02eb085a356e3c7
SHA256: d034034b665dd3b3d91c793ea6c3b5fc432b4b62c1090492f9cb1de07315fd63
SHA512: 66b242e1728ad903659c8e2f9d41ad949460a0e0ffadfdd016df496d126e56e8dbb6d32cf2fad3941b543fd8f82d622e844b9e64d4f1368d7ed867d969ba7e75