Analysis
max time kernel: 146s
max time network: 142s
platform: ubuntu-20.04_amd64
resource: ubuntu2004-amd64-20240508-en
resource tags: arch:amd64, arch:i386, image:ubuntu2004-amd64-20240508-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system
submitted: 24/05/2024, 18:09
Behavioral task: behavioral1
Sample: 6f65956d10f05d06fa32bd7ed5de7de5_JaffaCakes118
Resource: ubuntu2004-amd64-20240508-en
General
Target: 6f65956d10f05d06fa32bd7ed5de7de5_JaffaCakes118
Size: 97KB
MD5: 6f65956d10f05d06fa32bd7ed5de7de5
SHA1: 7deebf74ff07dda9aede8b3b33e52b30e21924d4
SHA256: 6a8e715f7e896b299dd3a50ae9080e0266bd10d1c71789097e86ea4f6709a066
SHA512: 079967bbf3ae95ce387cc9b606668c5acc9888c4b79c91770ebd941773e01aca987361308c6e0eabe8fafdcdef14c3333df83967ef92fe91b669c44122453d81
SSDEEP: 3072:VK1z13U6HzHoXRtmTUhQogwEmmFVcqq0GnDZT:VK7DDeKlogwEmmFVcqq0GnDZT
Malware Config
Signatures
Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description | ioc | Process
File opened for modification | /dev/watchdog | 6f65956d10f05d06fa32bd7ed5de7de5_JaffaCakes118
File opened for modification | /dev/misc/watchdog | 6f65956d10f05d06fa32bd7ed5de7de5_JaffaCakes118

Reads system routing table (1 TTPs, 1 IoCs)
Gets active network interfaces from /proc virtual filesystem.
description | ioc | Process
File opened for reading | /proc/net/route | 6f65956d10f05d06fa32bd7ed5de7de5_JaffaCakes118

Changes its process name (1 IoCs)
description | ioc | pid | Process
Changes the process name, possibly in an attempt to hide itself | sshd | 1395 | 6f65956d10f05d06fa32bd7ed5de7de5_JaffaCakes118

Reads system network configuration (1 TTPs, 1 IoCs)
Uses contents of /proc filesystem to enumerate network settings.
description | ioc | Process
File opened for reading | /proc/net/route | 6f65956d10f05d06fa32bd7ed5de7de5_JaffaCakes118