1545a65c6b8564cbf26b399286a3b32ce204c6f650dbc4a5a64a6505f87cc723

Analysis

max time kernel
92s
max time network
131s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240508-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240508-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
12-05-2024 03:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37fa82dd944b528d53f0826cb6fa4faf_JaffaCakes118
Size

4.2MB
MD5

37fa82dd944b528d53f0826cb6fa4faf
SHA1

e52692f1f43e670d1c4b540b93223157b94a761e
SHA256

1545a65c6b8564cbf26b399286a3b32ce204c6f650dbc4a5a64a6505f87cc723
SHA512

13e2dff78312bdbc66fef5966dd1a646b2853312edd74c4b6f0ae5492e1b8635e7abb0e4345d4369f839f83541f01c6c256e4ffaaaab1b564f743a19415510fc
SSDEEP

49152:s8WYVig7SAhhFB2IjE9nMfq4+R5ejQR9ul8yG/+ccWoMxTc9bGcgHKEyosjvBOK9:oY17dFpji+ULfATRPj

Score

4^/10

antivm

Malware Config

Signatures

Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
antivm

Virtualization/Sandbox Evasion
T1497

Processes:

37fa82dd944b528d53f0826cb6fa4faf_JaffaCakes118

description ioc process

File opened for reading /proc/cpuinfo 37fa82dd944b528d53f0826cb6fa4faf_JaffaCakes118
Reads CPU attributes 1 TTPs 1 IoCs

System Information Discovery
T1082

Processes:

37fa82dd944b528d53f0826cb6fa4faf_JaffaCakes118

description ioc process

File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq 37fa82dd944b528d53f0826cb6fa4faf_JaffaCakes118

description	ioc	process
File opened for reading	/proc/cpuinfo	37fa82dd944b528d53f0826cb6fa4faf_JaffaCakes118

description	ioc	process
File opened for reading	/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq	37fa82dd944b528d53f0826cb6fa4faf_JaffaCakes118

Reads runtime system information 4 IoCs

Reads data from /proc virtual filesystem.

Processes:

37fa82dd944b528d53f0826cb6fa4faf_JaffaCakes118

description	ioc	process
File opened for reading	/proc/sys/net/core/somaxconn	37fa82dd944b528d53f0826cb6fa4faf_JaffaCakes118
File opened for reading	/proc/stat	37fa82dd944b528d53f0826cb6fa4faf_JaffaCakes118
File opened for reading	/proc/meminfo	37fa82dd944b528d53f0826cb6fa4faf_JaffaCakes118
File opened for reading	/proc/sys/kernel/hostname	37fa82dd944b528d53f0826cb6fa4faf_JaffaCakes118

/tmp/37fa82dd944b528d53f0826cb6fa4faf_JaffaCakes118
/tmp/37fa82dd944b528d53f0826cb6fa4faf_JaffaCakes118
1⤵
- Checks CPU configuration
- Reads CPU attributes
- Reads runtime system information
PID:1394

/usr/bin/getconf
/usr/bin/getconf CLK_TCK
2⤵
PID:1397

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads