Analysis

  • max time kernel
    146s
  • max time network
    145s
  • platform
    ubuntu-20.04_amd64
  • resource
    ubuntu2004-amd64-20240729-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2004-amd64-20240729-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
  • submitted
    28-07-2024 19:28

General

  • Target

    1f412ff0eced64ee7a12786ef522aee2_JaffaCakes118

  • Size

    1.0MB

  • MD5

    1f412ff0eced64ee7a12786ef522aee2

  • SHA1

    312932fb129e591a6be4abdbc45ce2d832d9010d

  • SHA256

    3b98cf6edba6cde417ecec6c3c583f837256ed5127d23e4103f03d2b5a937808

  • SHA512

    dd830028d6658e3bfbf8d4c813e24246efd5e6e5984a062846850d521b12ff7ed8fbfb219fce6629faa9aaff7cb99f9647c24c5a3b6bd0866a1f22fab663c17f

  • SSDEEP

    24576:RsqZhvnhHXuhshNjm3Bp6gDgR16lwzBWa4wwS49TrHg29XE/PFroyUkNR9:PhvnhHXuhshNjK8AlGWaoIroyUk

Score
4/10

Malware Config

Signatures

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

  • Reads CPU attributes 1 TTPs 1 IoCs
  • Reads runtime system information 7 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/1f412ff0eced64ee7a12786ef522aee2_JaffaCakes118
    /tmp/1f412ff0eced64ee7a12786ef522aee2_JaffaCakes118
    1⤵
    • Checks CPU configuration
    • Reads CPU attributes
    PID:1352
    • /bin/sh
      sh -c "chmod +x /etc/rc.local"
      2⤵
        PID:1353
        • /usr/bin/chmod
          chmod +x /etc/rc.local
          3⤵
            PID:1354
        • /bin/sh
          sh -c "mv /tmp/1f412ff0eced64ee7a12786ef522aee2_JaffaCakes118 /etc/1f412ff0eced64ee7a12786ef522aee2_JaffaCakes118"
          2⤵
            PID:1355
            • /usr/bin/mv
              mv /tmp/1f412ff0eced64ee7a12786ef522aee2_JaffaCakes118 /etc/1f412ff0eced64ee7a12786ef522aee2_JaffaCakes118
              3⤵
              • Reads runtime system information
              PID:1356
          • /bin/sh
            sh -c "cd /etc;chmod 777 1f412ff0eced64ee7a12786ef522aee2_JaffaCakes118"
            2⤵
              PID:1357
              • /usr/bin/chmod
                chmod 777 1f412ff0eced64ee7a12786ef522aee2_JaffaCakes118
                3⤵
                  PID:1358
              • /bin/sh
                sh -c "sed -i -e '/exit/d' /etc/rc.local"
                2⤵
                  PID:1359
                  • /usr/bin/sed
                    sed -i -e /exit/d /etc/rc.local
                    3⤵
                    • Reads runtime system information
                    PID:1360
                • /bin/sh
                  sh -c "sed -i -e '/^ | | \$/d' /etc/rc.local"
                  2⤵
                    PID:1361
                    • /usr/bin/sed
                      sed -i -e "/^ | | \$/d" /etc/rc.local
                      3⤵
                      • Reads runtime system information
                      PID:1362
                  • /bin/sh
                    sh -c "sed -i -e '/1f412ff0eced64ee7a12786ef522aee2_JaffaCakes118/d' /etc/rc.local"
                    2⤵
                      PID:1363
                      • /usr/bin/sed
                        sed -i -e /1f412ff0eced64ee7a12786ef522aee2_JaffaCakes118/d /etc/rc.local
                        3⤵
                        • Reads runtime system information
                        PID:1364
                    • /bin/sh
                      sh -c "sed -i -e '2 i/etc/1f412ff0eced64ee7a12786ef522aee2_JaffaCakes118 reboot' /etc/rc.local"
                      2⤵
                        PID:1365
                        • /usr/bin/sed
                          sed -i -e "2 i/etc/1f412ff0eced64ee7a12786ef522aee2_JaffaCakes118 reboot" /etc/rc.local
                          3⤵
                          • Reads runtime system information
                          PID:1366
                      • /bin/sh
                        sh -c "sed -i -e '2 i/etc/1f412ff0eced64ee7a12786ef522aee2_JaffaCakes118 start' /etc/rc.d/rc.local"
                        2⤵
                          PID:1367
                          • /usr/bin/sed
                            sed -i -e "2 i/etc/1f412ff0eced64ee7a12786ef522aee2_JaffaCakes118 start" /etc/rc.d/rc.local
                            3⤵
                            • Reads runtime system information
                            PID:1368
                        • /bin/sh
                          sh -c "sed -i -e '2 i/etc/1f412ff0eced64ee7a12786ef522aee2_JaffaCakes118 start' /etc/init.d/boot.local"
                          2⤵
                            PID:1369
                            • /usr/bin/sed
                              sed -i -e "2 i/etc/1f412ff0eced64ee7a12786ef522aee2_JaffaCakes118 start" /etc/init.d/boot.local
                              3⤵
                              • Reads runtime system information
                              PID:1370

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads