Analysis

  • max time kernel
    26s
  • max time network
    139s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240611-en
  • resource tags
    arch:amd64, arch:i386, image:ubuntu2204-amd64-20240611-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
  • submitted
    25/08/2024, 22:02

General

  • Target

    c1af7ef23d07816dbe58b92f264aa09b_JaffaCakes118

  • Size

    1.7MB

  • MD5

    c1af7ef23d07816dbe58b92f264aa09b

  • SHA1

    8fd67e0933e8f68705e253ab32a3931f060111ff

  • SHA256

    43acbf339a1b4cfdc751219fe1bb80238bfed0a6e1f945abd80e2c2a7f4b47cd

  • SHA512

    ac63e3fafb89c53276b5b47120a985eb97f213c685fe16909e37b55caa9567f5ea8dea75d6387fd433b5feeb7db7cbfb40eb4719f3c66bb886298e180ff903d3

  • SSDEEP

    24576:MAVxeIC1t8nTJTpcIYv6d6KeMEd8U85rCVjMEb2j/9iGsGifi3spriXd5:MAVxeIgt8P6FMEd8U85rgM22j/9IGfgq

Score
6/10

Malware Config

Signatures

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Changes its process name 1 IoCs
  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 4 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/c1af7ef23d07816dbe58b92f264aa09b_JaffaCakes118
    /tmp/c1af7ef23d07816dbe58b92f264aa09b_JaffaCakes118
    1⤵
    • Reads system network configuration
    • Reads runtime system information
    PID:1577
    • /bin/sh
      sh -c "killall declient"
      2⤵
      PID:1578
      • /usr/bin/killall
        killall declient
        3⤵
        • Reads runtime system information
        PID:1579
    • /bin/sh
      sh -c "cat /proc/meminfo|grep MemTotal>/tmp/Meminfo"
      2⤵
      • Writes file to tmp directory
      PID:1583
      • /usr/bin/grep
        grep MemTotal
        3⤵
        PID:1585
      • /usr/bin/cat
        cat /proc/meminfo
        3⤵
        PID:1584
    • /bin/sh
      sh -c "ethtool eth2|grep Speed >/tmp/NetSpeedInfo"
      2⤵
      • Writes file to tmp directory
      PID:1586
      • /usr/bin/grep
        grep Speed
        3⤵
        • Reads runtime system information
        PID:1588
    • /bin/sh
      sh -c "rm /tmp/NetSpeedInfo /tmp/Meminfo"
      2⤵
      PID:1589
      • /usr/bin/rm
        rm /tmp/NetSpeedInfo /tmp/Meminfo
        3⤵
        PID:1590
    • /bin/sh
      sh -c "cat /proc/meminfo|grep MemTotal>/tmp/Meminfo"
      2⤵
      • Writes file to tmp directory
      PID:1604
      • /usr/bin/grep
        grep MemTotal
        3⤵
        PID:1606
      • /usr/bin/cat
        cat /proc/meminfo
        3⤵
        PID:1605
    • /bin/sh
      sh -c "ethtool eth2|grep Speed >/tmp/NetSpeedInfo"
      2⤵
      • Writes file to tmp directory
      PID:1607
      • /usr/bin/grep
        grep Speed
        3⤵
        PID:1609
    • /bin/sh
      sh -c "rm /tmp/NetSpeedInfo /tmp/Meminfo"
      2⤵
      PID:1610
      • /usr/bin/rm
        rm /tmp/NetSpeedInfo /tmp/Meminfo
        3⤵
        PID:1611

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /tmp/Meminfo

    Filesize

    28B

    MD5

    9facab3a0327c28c0e58b0007da058f8

    SHA1

    d232272748c04670f3d967f691c9edd04b6c0b24

    SHA256

    7b200d15059b67bc7824a7b7835ead9ae6b16915d9f717366263f2e2ed54f570

    SHA512

    b3c735ce50017e947f3edf1c7b7ed4e091d96e5b8e3992a74d776bdf71bdcad4d5ca913979b5639e7db9636c32eaf121a34ef3cb53ae30f771d467a5403fe147