Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

76fe4fdd62...kes118

ubuntu-18.04-amd64

8

Analysis

  • max time kernel
    149s
  • max time network
    140s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240729-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240729-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    27/07/2024, 04:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    76fe4fdd628218f630ba50f91ceba852_JaffaCakes118

  • Size

    8.7MB

  • MD5

    76fe4fdd628218f630ba50f91ceba852

  • SHA1

    6e90f2fe619597115e5b8dd8b0d1fb0c8ad33fa4

  • SHA256

    041bc20ca8ac3161098cbc976e67e3c0f1b672ad36ecbe22fd21cbd53bcaa742

  • SHA512

    7956505ae0d8479a92ddf97bb09a757566ef526934ee06b4273f0fc450e4da9204808ffa4f4674f4e6e313eb718a7c65f258ef8d23b9769b8aa12d47610d8011

  • SSDEEP

    98304:f27or8Dynb9c4EHv9/fW/NQXPvTCaedHuaJE3fSdCnKg27Xk:f27or8DyO4UnwQfvTCXdHua4No

Score
8/10
antivmpersistence

Malware Config

Signatures

  • Adds new SSH keys 1 IoCs

    Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.

    persistence
  • Deletes itself 1 IoCs
  • Deletes log files 1 TTPs 1 IoCs

    Deletes log files on the system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

    antivm
  • Reads CPU attributes 1 TTPs 30 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/76fe4fdd628218f630ba50f91ceba852_JaffaCakes118
    /tmp/76fe4fdd628218f630ba50f91ceba852_JaffaCakes118
    1⤵
    • Adds new SSH keys
    • Deletes log files
    • Reads runtime system information
    PID:1511
    • /bin/uname
      uname -a
      2⤵
        PID:1526
      • /bin/cat
        cat /proc/cpuinfo
        2⤵
        • Checks CPU configuration
        PID:1527
      • /bin/cat
        cat /etc/issue
        2⤵
          PID:1528
        • /usr/bin/free
          free -m
          2⤵
          • Reads CPU attributes
          PID:1529
        • /usr/bin/uptime
          uptime
          2⤵
          • Reads CPU attributes
          PID:1530
        • /bin/journalctl
          journalctl -S "@0" -u sshd
          2⤵
          • Reads runtime system information
          PID:1531
        • /bin/cat
          cat "/var/log/auth*"
          2⤵
            PID:1532
          • /bin/zcat
            zcat "/var/log/auth*"
            2⤵
              PID:1533
            • /bin/gzip
              gzip -cd "/var/log/auth*"
              2⤵
                PID:1533
              • /usr/bin/free
                free -m
                2⤵
                • Reads CPU attributes
                PID:1534
              • /usr/bin/uptime
                uptime
                2⤵
                • Reads CPU attributes
                • Reads runtime system information
                PID:1535
              • /usr/bin/free
                free -m
                2⤵
                • Reads CPU attributes
                • Reads runtime system information
                PID:1536
              • /usr/bin/uptime
                uptime
                2⤵
                • Reads CPU attributes
                PID:1537
              • /usr/bin/free
                free -m
                2⤵
                • Reads CPU attributes
                PID:1540
              • /usr/bin/uptime
                uptime
                2⤵
                • Reads CPU attributes
                • Reads runtime system information
                PID:1541
              • /usr/bin/free
                free -m
                2⤵
                • Reads CPU attributes
                PID:1542
              • /usr/bin/uptime
                uptime
                2⤵
                • Reads CPU attributes
                PID:1543
              • /usr/bin/free
                free -m
                2⤵
                • Reads CPU attributes
                • Reads runtime system information
                PID:1544
              • /usr/bin/uptime
                uptime
                2⤵
                • Reads CPU attributes
                PID:1545
              • /usr/bin/free
                free -m
                2⤵
                • Reads CPU attributes
                PID:1546
              • /usr/bin/uptime
                uptime
                2⤵
                • Reads CPU attributes
                • Reads runtime system information
                PID:1547
              • /usr/bin/free
                free -m
                2⤵
                • Reads CPU attributes
                PID:1548
              • /usr/bin/uptime
                uptime
                2⤵
                • Reads CPU attributes
                PID:1549
              • /usr/bin/free
                free -m
                2⤵
                • Reads CPU attributes
                PID:1550
              • /usr/bin/uptime
                uptime
                2⤵
                • Reads CPU attributes
                • Reads runtime system information
                PID:1551
              • /usr/bin/free
                free -m
                2⤵
                • Reads CPU attributes
                • Reads runtime system information
                PID:1552
              • /usr/bin/uptime
                uptime
                2⤵
                • Reads CPU attributes
                PID:1553
              • /usr/bin/free
                free -m
                2⤵
                • Reads CPU attributes
                • Reads runtime system information
                PID:1554
              • /usr/bin/uptime
                uptime
                2⤵
                • Reads CPU attributes
                PID:1555
              • /usr/bin/free
                free -m
                2⤵
                • Reads CPU attributes
                PID:1556
              • /usr/bin/uptime
                uptime
                2⤵
                • Reads CPU attributes
                • Reads runtime system information
                PID:1557
              • /usr/bin/free
                free -m
                2⤵
                • Reads CPU attributes
                PID:1558
              • /usr/bin/uptime
                uptime
                2⤵
                • Reads CPU attributes
                PID:1559
              • /usr/bin/free
                free -m
                2⤵
                • Reads CPU attributes
                PID:1560
              • /usr/bin/uptime
                uptime
                2⤵
                • Reads CPU attributes
                • Reads runtime system information
                PID:1561
              • /usr/bin/free
                free -m
                2⤵
                • Reads CPU attributes
                • Reads runtime system information
                PID:1562
              • /usr/bin/uptime
                uptime
                2⤵
                • Reads CPU attributes
                • Reads runtime system information
                PID:1563

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • /root/.ssh/authorized_keys
              Filesize

              381B

              MD5

              9da18d38b6dd4c4aa84642378d63fa89

              SHA1

              c5a976691e4b5963b5e760044f22cc9685268db6

              SHA256

              43062900b2539d8d1f67f30fa7042c56b53541f63875b5f0de5d8fbde0e0a8bf

              SHA512

              222b20b5b2ff8956c13dbac1f8d3f81435613b751913d65f4c4082ea9c1a7c8ae91be17a24ef4ae0c708bfe09daab552bb209615714d70acfaaed89c536c71b3

              Download Submit