Analysis

  • max time kernel
    147s
  • max time network
    145s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240729-en
  • resource tags
    arch:armhf, image:debian12-armhf-20240729-en, kernel:6.1.0-17-armmp-lpae, locale:en-us, os:debian-12-armhf, system
  • submitted
    29-07-2024 12:09

General

  • Target

    45b6935f88538f5531afc2610a1cca23_JaffaCakes118

  • Size

    790KB

  • MD5

    45b6935f88538f5531afc2610a1cca23

  • SHA1

    b6e478830b5de582eb06168fb65b301c136aa8cc

  • SHA256

    fb7052fcf6f82cc40730deb412f0600946d01b2c2ba4b63db8e4de5dd3f897db

  • SHA512

    8bb687ea5df3490c93893ca9aff0e99e27c9e127b3f31b8a8e73862c617224a8899a14c1c437c0c524615fb98c8c40894073ce4d0f24aa387c2a4859c2cf17e6

  • SSDEEP

    12288:AfcfPG+rfi1BqAvtmDgsHIyyeSsZcgWaWSQCs9YB7HRvuWsvy/Pqks99FHvhWqVN:DW5fIDgsHt8McgWZ4V5o9Hv8qVPEuiU

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Renames itself 1 IoCs
  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Checks CPU configuration 1 TTPs 29 IoCs

    Checks CPU information that indicates whether the system is a virtual machine.

  • Reads CPU attributes 1 TTPs 1 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 4 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/45b6935f88538f5531afc2610a1cca23_JaffaCakes118
    /tmp/45b6935f88538f5531afc2610a1cca23_JaffaCakes118
    1⤵
    • Writes file to tmp directory
    PID:685
    • /bin/sh
      sh -c "ulimit -n 2048"
      2⤵
      PID:689
    • /bin/sh
      sh -c "chmod 777 pro.sh"
      2⤵
      PID:690
      • /usr/bin/chmod
        chmod 777 pro.sh
        3⤵
        PID:691
    • /bin/sh
      sh -c "./pro.sh ._2024072945b6935f88538f5531afc2610a1cca23_JaffaCakes118 &"
      2⤵
      PID:692
  • /tmp/pro.sh
    ./pro.sh ._2024072945b6935f88538f5531afc2610a1cca23_JaffaCakes118
    1⤵
    • Executes dropped EXE
    PID:693
    • /usr/bin/ps
      ps -ef
      2⤵
      • Checks CPU configuration
      • Reads runtime system information
      PID:698
    • /usr/bin/grep
      grep ._2024072945b6935f88538f5531afc2610a1cca23_JaffaCakes118
      2⤵
      PID:699
    • /usr/bin/grep
      grep -v grep
      2⤵
      PID:700
    • /usr/bin/grep
      grep -v pro.sh
      2⤵
      PID:701
  • /usr/bin/nohup
    nohup ./._2024072945b6935f88538f5531afc2610a1cca23_JaffaCakes118
    1⤵
    PID:702
  • /tmp/._2024072945b6935f88538f5531afc2610a1cca23_JaffaCakes118
    ./._2024072945b6935f88538f5531afc2610a1cca23_JaffaCakes118
    1⤵
    • Reads CPU attributes
    • Writes file to tmp directory
    PID:702
    • /bin/sh
      sh -c "ulimit -n 2048"
      2⤵
      PID:705
    • /bin/sh
      sh -c "chmod 777 pro.sh"
      2⤵
      PID:706
      • /usr/bin/chmod
        chmod 777 pro.sh
        3⤵
        PID:707
    • /bin/sh
      sh -c "./pro.sh ._2024072945b6935f88538f5531afc2610a1cca23_JaffaCakes118 &"
      2⤵
      PID:708
    • /bin/sh
      sh -c "cat /proc/cpuinfo|grep 'cpu MHz'|sed -e 's/.*:[^0-9]//'"
      2⤵
      PID:710
      • /usr/bin/cat
        cat /proc/cpuinfo
        3⤵
        • Checks CPU configuration
        PID:711
      • /usr/bin/grep
        grep "cpu MHz"
        3⤵
        PID:712
      • /usr/bin/sed
        sed -e "s/.*:[^0-9]//"
        3⤵
        PID:713
    • /bin/sh
      sh -c "cat /proc/cpuinfo|grep 'cpu MHz'|sed -e 's/.*:[^0-9]//'"
      2⤵
      PID:726
      • /usr/bin/cat
        cat /proc/cpuinfo
        3⤵
        • Checks CPU configuration
        PID:727
      • /usr/bin/grep
        grep "cpu MHz"
        3⤵
        PID:728
      • /usr/bin/sed
        sed -e "s/.*:[^0-9]//"
        3⤵
        PID:729
    • /bin/sh
      sh -c "cat /proc/cpuinfo|grep 'cpu MHz'|sed -e 's/.*:[^0-9]//'"
      2⤵
      PID:736
      • /usr/bin/grep
        grep "cpu MHz"
        3⤵
        PID:738
      • /usr/bin/cat
        cat /proc/cpuinfo
        3⤵
        • Checks CPU configuration
        PID:737
      • /usr/bin/sed
        sed -e "s/.*:[^0-9]//"
        3⤵
        PID:739
    • /bin/sh
      sh -c "cat /proc/cpuinfo|grep 'cpu MHz'|sed -e 's/.*:[^0-9]//'"
      2⤵
      PID:748
      • /usr/bin/cat
        cat /proc/cpuinfo
        3⤵
        • Checks CPU configuration
        PID:749
      • /usr/bin/grep
        grep "cpu MHz"
        3⤵
        PID:750
      • /usr/bin/sed
        sed -e "s/.*:[^0-9]//"
        3⤵
        PID:751
    • /bin/sh
      sh -c "cat /proc/cpuinfo|grep 'cpu MHz'|sed -e 's/.*:[^0-9]//'"
      2⤵
      PID:758
      • /usr/bin/cat
        cat /proc/cpuinfo
        3⤵
        • Checks CPU configuration
        PID:759
      • /usr/bin/grep
        grep "cpu MHz"
        3⤵
        PID:760
      • /usr/bin/sed
        sed -e "s/.*:[^0-9]//"
        3⤵
        PID:761
    • /bin/sh
      sh -c "cat /proc/cpuinfo|grep 'cpu MHz'|sed -e 's/.*:[^0-9]//'"
      2⤵
      PID:768
      • /usr/bin/cat
        cat /proc/cpuinfo
        3⤵
        • Checks CPU configuration
        PID:769
      • /usr/bin/grep
        grep "cpu MHz"
        3⤵
        PID:770
      • /usr/bin/sed
        sed -e "s/.*:[^0-9]//"
        3⤵
        PID:771
    • /bin/sh
      sh -c "cat /proc/cpuinfo|grep 'cpu MHz'|sed -e 's/.*:[^0-9]//'"
      2⤵
      PID:778
      • /usr/bin/cat
        cat /proc/cpuinfo
        3⤵
        • Checks CPU configuration
        PID:779
      • /usr/bin/grep
        grep "cpu MHz"
        3⤵
        PID:780
      • /usr/bin/sed
        sed -e "s/.*:[^0-9]//"
        3⤵
        PID:781
    • /bin/sh
      sh -c "cat /proc/cpuinfo|grep 'cpu MHz'|sed -e 's/.*:[^0-9]//'"
      2⤵
      PID:788
      • /usr/bin/cat
        cat /proc/cpuinfo
        3⤵
        • Checks CPU configuration
        PID:789
      • /usr/bin/grep
        grep "cpu MHz"
        3⤵
        PID:790
      • /usr/bin/sed
        sed -e "s/.*:[^0-9]//"
        3⤵
        PID:791
    • /bin/sh
      sh -c "cat /proc/cpuinfo|grep 'cpu MHz'|sed -e 's/.*:[^0-9]//'"
      2⤵
      PID:803
      • /usr/bin/cat
        cat /proc/cpuinfo
        3⤵
        • Checks CPU configuration
        PID:804
      • /usr/bin/grep
        grep "cpu MHz"
        3⤵
        PID:805
      • /usr/bin/sed
        sed -e "s/.*:[^0-9]//"
        3⤵
        PID:806
    • /bin/sh
      sh -c "cat /proc/cpuinfo|grep 'cpu MHz'|sed -e 's/.*:[^0-9]//'"
      2⤵
      PID:814
      • /usr/bin/cat
        cat /proc/cpuinfo
        3⤵
        • Checks CPU configuration
        PID:815
      • /usr/bin/grep
        grep "cpu MHz"
        3⤵
        PID:816
      • /usr/bin/sed
        sed -e "s/.*:[^0-9]//"
        3⤵
        PID:817
    • /bin/sh
      sh -c "cat /proc/cpuinfo|grep 'cpu MHz'|sed -e 's/.*:[^0-9]//'"
      2⤵
      PID:824
      • /usr/bin/cat
        cat /proc/cpuinfo
        3⤵
        • Checks CPU configuration
        PID:825
      • /usr/bin/grep
        grep "cpu MHz"
        3⤵
        PID:826
      • /usr/bin/sed
        sed -e "s/.*:[^0-9]//"
        3⤵
        PID:827
    • /bin/sh
      sh -c "cat /proc/cpuinfo|grep 'cpu MHz'|sed -e 's/.*:[^0-9]//'"
      2⤵
      PID:835
      • /usr/bin/cat
        cat /proc/cpuinfo
        3⤵
        • Checks CPU configuration
        PID:836
      • /usr/bin/grep
        grep "cpu MHz"
        3⤵
        PID:837
      • /usr/bin/sed
        sed -e "s/.*:[^0-9]//"
        3⤵
        PID:838
    • /bin/sh
      sh -c "cat /proc/cpuinfo|grep 'cpu MHz'|sed -e 's/.*:[^0-9]//'"
      2⤵
      PID:845
      • /usr/bin/cat
        cat /proc/cpuinfo
        3⤵
        • Checks CPU configuration
        PID:846
      • /usr/bin/grep
        grep "cpu MHz"
        3⤵
        PID:847
      • /usr/bin/sed
        sed -e "s/.*:[^0-9]//"
        3⤵
        PID:848
  • /tmp/pro.sh
    ./pro.sh ._2024072945b6935f88538f5531afc2610a1cca23_JaffaCakes118
    1⤵
    • Executes dropped EXE
    PID:709
    • /usr/bin/ps
      ps -ef
      2⤵
      • Checks CPU configuration
      • Reads runtime system information
      PID:715
    • /usr/bin/grep
      grep ._2024072945b6935f88538f5531afc2610a1cca23_JaffaCakes118
      2⤵
      PID:716
    • /usr/bin/grep
      grep -v grep
      2⤵
      PID:717
    • /usr/bin/grep
      grep -v pro.sh
      2⤵
      PID:718
    • /usr/bin/sleep
      sleep 10
      2⤵
      PID:719
    • /usr/bin/ps
      ps -ef
      2⤵
      • Checks CPU configuration
      • Reads runtime system information
      PID:721
    • /usr/bin/grep
      grep ._2024072945b6935f88538f5531afc2610a1cca23_JaffaCakes118
      2⤵
      PID:722
    • /usr/bin/grep
      grep -v grep
      2⤵
      PID:723
    • /usr/bin/grep
      grep -v pro.sh
      2⤵
      PID:724
    • /usr/bin/sleep
      sleep 10
      2⤵
      PID:725
    • /usr/bin/ps
      ps -ef
      2⤵
      • Checks CPU configuration
      • Reads runtime system information
      PID:731
    • /usr/bin/grep
      grep ._2024072945b6935f88538f5531afc2610a1cca23_JaffaCakes118
      2⤵
      PID:732
    • /usr/bin/grep
      grep -v grep
      2⤵
      PID:733
    • /usr/bin/grep
      grep -v pro.sh
      2⤵
      PID:734
    • /usr/bin/sleep
      sleep 10
      2⤵
      PID:735
    • /usr/bin/ps
      ps -ef
      2⤵
      • Checks CPU configuration
      • Reads runtime system information
      PID:743
    • /usr/bin/grep
      grep ._2024072945b6935f88538f5531afc2610a1cca23_JaffaCakes118
      2⤵
      PID:744
    • /usr/bin/grep
      grep -v grep
      2⤵
      PID:745
    • /usr/bin/grep
      grep -v pro.sh
      2⤵
                                                                                                                                          PID:746
                                                                                                                                        • /usr/bin/sleep
                                                                                                                                          sleep 10
                                                                                                                                          2⤵
                                                                                                                                            PID:747
                                                                                                                                          • /usr/bin/grep
                                                                                                                                            grep ._2024072945b6935f88538f5531afc2610a1cca23_JaffaCakes118
                                                                                                                                            2⤵
                                                                                                                                              PID:754
                                                                                                                                            • /usr/bin/ps
                                                                                                                                              ps -ef
                                                                                                                                              2⤵
                                                                                                                                              • Checks CPU configuration
                                                                                                                                              • Reads runtime system information
                                                                                                                                              PID:753
                                                                                                                                            • /usr/bin/grep
                                                                                                                                              grep -v grep
                                                                                                                                              2⤵
                                                                                                                                                PID:755
                                                                                                                                              • /usr/bin/grep
                                                                                                                                                grep -v pro.sh
                                                                                                                                                2⤵
                                                                                                                                                  PID:756
                                                                                                                                                • /usr/bin/sleep
                                                                                                                                                  sleep 10
                                                                                                                                                  2⤵
                                                                                                                                                    PID:757
                                                                                                                                                  • /usr/bin/ps
                                                                                                                                                    ps -ef
                                                                                                                                                    2⤵
                                                                                                                                                    • Checks CPU configuration
                                                                                                                                                    • Reads runtime system information
                                                                                                                                                    PID:763
                                                                                                                                                  • /usr/bin/grep
                                                                                                                                                    grep ._2024072945b6935f88538f5531afc2610a1cca23_JaffaCakes118
                                                                                                                                                    2⤵
                                                                                                                                                      PID:764
                                                                                                                                                    • /usr/bin/grep
                                                                                                                                                      grep -v grep
                                                                                                                                                      2⤵
                                                                                                                                                        PID:765
                                                                                                                                                      • /usr/bin/grep
                                                                                                                                                        grep -v pro.sh
                                                                                                                                                        2⤵
                                                                                                                                                          PID:766
                                                                                                                                                        • /usr/bin/sleep
                                                                                                                                                          sleep 10
                                                                                                                                                          2⤵
                                                                                                                                                            PID:767
                                                                                                                                                          • /usr/bin/ps
                                                                                                                                                            ps -ef
                                                                                                                                                            2⤵
                                                                                                                                                            • Checks CPU configuration
                                                                                                                                                            • Reads runtime system information
                                                                                                                                                            PID:773
                                                                                                                                                          • /usr/bin/grep
                                                                                                                                                            grep ._2024072945b6935f88538f5531afc2610a1cca23_JaffaCakes118
                                                                                                                                                            2⤵
                                                                                                                                                              PID:774
                                                                                                                                                            • /usr/bin/grep
                                                                                                                                                              grep -v grep
                                                                                                                                                              2⤵
                                                                                                                                                                PID:775
                                                                                                                                                              • /usr/bin/grep
                                                                                                                                                                grep -v pro.sh
                                                                                                                                                                2⤵
                                                                                                                                                                  PID:776
                                                                                                                                                                • /usr/bin/sleep
                                                                                                                                                                  sleep 10
                                                                                                                                                                  2⤵
                                                                                                                                                                    PID:777
                                                                                                                                                                  • /usr/bin/ps
                                                                                                                                                                    ps -ef
                                                                                                                                                                    2⤵
                                                                                                                                                                    • Checks CPU configuration
                                                                                                                                                                    • Reads runtime system information
                                                                                                                                                                    PID:783
                                                                                                                                                                  • /usr/bin/grep
                                                                                                                                                                    grep ._2024072945b6935f88538f5531afc2610a1cca23_JaffaCakes118
                                                                                                                                                                    2⤵
                                                                                                                                                                      PID:784
                                                                                                                                                                    • /usr/bin/grep
                                                                                                                                                                      grep -v grep
                                                                                                                                                                      2⤵
                                                                                                                                                                        PID:785
                                                                                                                                                                      • /usr/bin/grep
                                                                                                                                                                        grep -v pro.sh
                                                                                                                                                                        2⤵
                                                                                                                                                                          PID:786
                                                                                                                                                                        • /usr/bin/sleep
                                                                                                                                                                          sleep 10
                                                                                                                                                                          2⤵
                                                                                                                                                                            PID:787
                                                                                                                                                                          • /usr/bin/ps
                                                                                                                                                                            ps -ef
                                                                                                                                                                            2⤵
                                                                                                                                                                            • Checks CPU configuration
                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                            PID:793
                                                                                                                                                                          • /usr/bin/grep
                                                                                                                                                                            grep ._2024072945b6935f88538f5531afc2610a1cca23_JaffaCakes118
                                                                                                                                                                            2⤵
                                                                                                                                                                              PID:794
                                                                                                                                                                            • /usr/bin/grep
                                                                                                                                                                              grep -v grep
                                                                                                                                                                              2⤵
                                                                                                                                                                                PID:795
                                                                                                                                                                              • /usr/bin/grep
                                                                                                                                                                                grep -v pro.sh
                                                                                                                                                                                2⤵
                                                                                                                                                                                  PID:796
                                                                                                                                                                                • /usr/bin/sleep
                                                                                                                                                                                  sleep 10
                                                                                                                                                                                  2⤵
                                                                                                                                                                                    PID:797
                                                                                                                                                                                  • /usr/bin/grep
                                                                                                                                                                                    grep ._2024072945b6935f88538f5531afc2610a1cca23_JaffaCakes118
                                                                                                                                                                                    2⤵
                                                                                                                                                                                      PID:800
                                                                                                                                                                                    • /usr/bin/ps
                                                                                                                                                                                      ps -ef
                                                                                                                                                                                      2⤵
                                                                                                                                                                                      • Checks CPU configuration
                                                                                                                                                                                      • Reads runtime system information
                                                                                                                                                                                      PID:799
                                                                                                                                                                                    • /usr/bin/grep
                                                                                                                                                                                      grep -v grep
                                                                                                                                                                                      2⤵
                                                                                                                                                                                        PID:801
                                                                                                                                                                                      • /usr/bin/grep
                                                                                                                                                                                        grep -v pro.sh
                                                                                                                                                                                        2⤵
                                                                                                                                                                                          PID:802
                                                                                                                                                                                        • /usr/bin/sleep
                                                                                                                                                                                          sleep 10
                                                                                                                                                                                          2⤵
                                                                                                                                                                                            PID:807
                                                                                                                                                                                          • /usr/bin/ps
                                                                                                                                                                                            ps -ef
                                                                                                                                                                                            2⤵
                                                                                                                                                                                            • Checks CPU configuration
                                                                                                                                                                                            • Reads runtime system information
                                                                                                                                                                                            PID:809
                                                                                                                                                                                          • /usr/bin/grep
                                                                                                                                                                                            grep ._2024072945b6935f88538f5531afc2610a1cca23_JaffaCakes118
                                                                                                                                                                                            2⤵
                                                                                                                                                                                              PID:810
                                                                                                                                                                                            • /usr/bin/grep
                                                                                                                                                                                              grep -v grep
                                                                                                                                                                                              2⤵
                                                                                                                                                                                                PID:811
                                                                                                                                                                                              • /usr/bin/grep
                                                                                                                                                                                                grep -v pro.sh
                                                                                                                                                                                                2⤵
                                                                                                                                                                                                  PID:812
                                                                                                                                                                                                • /usr/bin/sleep
  sleep 10
  2⤵
    PID:813
• /usr/bin/grep
  grep ._2024072945b6935f88538f5531afc2610a1cca23_JaffaCakes118
  2⤵
    PID:820
• /usr/bin/ps
  ps -ef
  2⤵
  • Checks CPU configuration
  • Reads runtime system information
    PID:819
• /usr/bin/grep
  grep -v grep
  2⤵
    PID:821
• /usr/bin/grep
  grep -v pro.sh
  2⤵
    PID:822
• /usr/bin/sleep
  sleep 10
  2⤵
    PID:823
• /usr/bin/ps
  ps -ef
  2⤵
  • Checks CPU configuration
  • Reads runtime system information
    PID:830
• /usr/bin/grep
  grep ._2024072945b6935f88538f5531afc2610a1cca23_JaffaCakes118
  2⤵
    PID:831
• /usr/bin/grep
  grep -v grep
  2⤵
    PID:832
• /usr/bin/grep
  grep -v pro.sh
  2⤵
    PID:833
• /usr/bin/sleep
  sleep 10
  2⤵
    PID:834
• /usr/bin/ps
  ps -ef
  2⤵
  • Checks CPU configuration
  • Reads runtime system information
    PID:840
• /usr/bin/grep
  grep ._2024072945b6935f88538f5531afc2610a1cca23_JaffaCakes118
  2⤵
    PID:841
• /usr/bin/grep
  grep -v grep
  2⤵
    PID:842
• /usr/bin/grep
  grep -v pro.sh
  2⤵
    PID:843
• /usr/bin/sleep
  sleep 10
  2⤵
    PID:844
• /usr/bin/ps
  ps -ef
  2⤵
  • Checks CPU configuration
  • Reads runtime system information
    PID:850
• /usr/bin/grep
  grep ._2024072945b6935f88538f5531afc2610a1cca23_JaffaCakes118
  2⤵
    PID:851
• /usr/bin/grep
  grep -v grep
  2⤵
    PID:852
• /usr/bin/grep
  grep -v pro.sh
  2⤵
    PID:853
• /usr/bin/sleep
  sleep 10
  2⤵
    PID:854
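The process tree above shows the dropped pro.sh running the same four-process cycle every ten seconds: ps -ef, grep for the renamed sample, grep -v grep, grep -v pro.sh, then sleep 10. That is a shell watchdog loop polling for its own payload. The following detector is an added example written for this page, not code from the sandbox or from the sample; it assumes an execve feed already normalised to (pid, ppid, cmdline) records, for instance from auditd or an eBPF tracer. The event list is constructed to mirror the PIDs in the tree, and the parent PID 700 is a placeholder because the report does not give pro.sh's PID.

```python
"""Flag shell watchdog loops (repeated `ps | grep <target> | grep -v grep`
followed by `sleep N`) in process-creation telemetry.

Added example for this report, not the sandbox's or the sample's own code.
Assumes (pid, ppid, cmdline) records; sample events below are constructed
to match the cycles in the process tree, with parent PID 700 as a placeholder.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Exec:
    pid: int
    ppid: int
    cmdline: str


def classify(cmdline: str) -> str:
    """Bucket a command line into the roles a watchdog cycle is built from."""
    argv = cmdline.split()
    if not argv:
        return "other"
    if argv[0] == "ps":
        return "ps"
    if argv[0] == "grep":
        if argv[1:] == ["-v", "grep"]:
            return "grep-v-grep"   # hides the grep itself from the ps listing
        if argv[1:2] == ["-v"]:
            return "grep-v"        # other exclusions, e.g. the script's own name
        return "grep-target"       # the process name being watched
    if argv[0] == "sleep":
        return "sleep"
    return "other"


def find_watchdogs(events, min_cycles=3, window=6):
    """Return {ppid: (cycle_count, watched_names)} for every parent that ran at
    least `min_cycles` complete ps -> grep <target> -> grep -v grep -> sleep
    cycles.  Children are ordered by PID, which approximates spawn order and
    puts the pipeline members in the order the shell forked them."""
    by_parent = defaultdict(list)
    for ev in events:
        by_parent[ev.ppid].append(ev)

    hits = {}
    for ppid, children in by_parent.items():
        children.sort(key=lambda ev: ev.pid)
        cycles, watched = 0, set()
        i = 0
        while i < len(children):
            if classify(children[i].cmdline) != "ps":
                i += 1
                continue
            look = children[i + 1 : i + window]
            roles = [classify(ev.cmdline) for ev in look]
            if "grep-target" in roles and "grep-v-grep" in roles and "sleep" in roles:
                cycles += 1
                for ev in look:
                    if classify(ev.cmdline) == "grep-target":
                        watched.add(ev.cmdline.split(None, 1)[1])
                i += 1 + roles.index("sleep") + 1   # resume after the sleep
            else:
                i += 1
        if cycles >= min_cycles:
            hits[ppid] = (cycles, watched)
    return hits


TARGET = "._2024072945b6935f88538f5531afc2610a1cca23_JaffaCakes118"
WATCHDOG_PPID = 700   # constructed placeholder for the pro.sh shell


def _cycle(base):
    """One observed cycle, PIDs as in the report (ps forks first, then the greps)."""
    return [
        Exec(base, WATCHDOG_PPID, "ps -ef"),
        Exec(base + 1, WATCHDOG_PPID, f"grep {TARGET}"),
        Exec(base + 2, WATCHDOG_PPID, "grep -v grep"),
        Exec(base + 3, WATCHDOG_PPID, "grep -v pro.sh"),
        Exec(base + 4, WATCHDOG_PPID, "sleep 10"),
    ]


SAMPLE_EVENTS = (
    _cycle(819) + _cycle(830) + _cycle(840) + _cycle(850)
    # constructed benign noise: an admin shell (PID 1500) checking sshd once
    + [Exec(1600, 1500, "ps aux"), Exec(1601, 1500, "grep sshd"),
       Exec(1602, 1500, "grep -v grep")]
)

if __name__ == "__main__":
    for ppid, (n, names) in find_watchdogs(SAMPLE_EVENTS).items():
        print(f"ppid {ppid}: {n} watchdog cycles, watching {sorted(names)}")
```

The cycle threshold is what separates a persistence loop from an operator typing `ps aux | grep sshd` once: a single ps/grep pair is not flagged, four periodic repetitions under one parent are. In a live feed the same logic should be keyed on (ppid, start time) rather than ppid alone, since PIDs are reused.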

Network

MITRE ATT&CK Enterprise v15

Downloads

• /tmp/pro.sh

  Filesize: 161B
  MD5: 40d8d561d8ae7796e03a4f0f8e62a1ab
  SHA1: 2bc467db7ab4eb2bb4a5d082c452c0ad57a9813c
  SHA256: 6300dc9fa2a9a7d30906a535d938d6960dbbe883b93c6eeb12fa3a5696dd0010
  SHA512: 03743f2227c851bf0c3ad2e2fa4face0a0462c4f1c0d25b4beca5c511388b56c580b7ed38502ab1017b932edd5588c23563333a0dd055b649b708e7c0f7b2735