Analysis

Max time kernel: 0s
Max time network: 128s
Platform: ubuntu-18.04_amd64
Resource: ubuntu1804-amd64-20240508-en
Resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240508-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
Submitted: 21/09/2024, 08:56
Static task: static1

Behavioral task: behavioral1
  Sample: ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118
  Resource: ubuntu1804-amd64-20240508-en

Behavioral task: behavioral2
  Sample: ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118
  Resource: debian9-armhf-20240729-en

Behavioral task: behavioral3
  Sample: ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118
  Resource: debian9-mipsbe-20240611-en

Behavioral task: behavioral4
  Sample: ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118
  Resource: debian9-mipsel-20240418-en
General

Target: ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118
Size: 1KB
MD5: ef74797ed93ffcc0506a4be0bf2fc3d8
SHA1: df1af944cc6d2f580e879f7ffb5d902704728c46
SHA256: 1c41c82bdbcea4eb23cde97b947e5a32a8a08511588780b0e3285f65a7ce2578
SHA512: bf357fc02eeaa20a920d66d3e981aadddc45ec004fd31b72f34d020626cbfa5bcf57b72c12ac0db47b1e88d38d076e41d9dbad165d9e8ab86552a12c23a34a4d
Malware Config
Signatures

File and Directory Permissions Modification (1 TTPs, 13 IoCs)
Adversaries may modify file or directory permissions to evade defenses.
PID   Process
1512  chmod
1517  chmod
1522  chmod
1527  chmod
1532  chmod
1537  chmod
1542  chmod
1547  chmod
1552  chmod
1557  chmod
1562  chmod
1567  chmod
1572  chmod

Executes dropped EXE (13 IoCs)
IoC          PID   Process
/tmp/badbox  1513  badbox
/tmp/badbox  1518  badbox
/tmp/badbox  1523  badbox
/tmp/badbox  1528  badbox
/tmp/badbox  1533  badbox
/tmp/badbox  1538  badbox
/tmp/badbox  1543  badbox
/tmp/badbox  1548  badbox
/tmp/badbox  1553  badbox
/tmp/badbox  1558  badbox
/tmp/badbox  1563  badbox
/tmp/badbox  1568  badbox
/tmp/badbox  1573  badbox

Reads runtime system information (1 IoCs)
Description              IoC                Process
File opened for reading  /proc/filesystems  cp

Writes file to tmp directory (2 IoCs)
Malware often drops required files in the /tmp directory.
Description                   IoC           Process
File opened for modification  /tmp/badbox   ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118
File opened for modification  /tmp/busybox  cp
Processes

- /tmp/ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118 (PID 1508)
  Command: /tmp/ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118
  Signatures: Writes file to tmp directory
  - /bin/cp (PID 1509)
    Command: cp /bin/busybox /tmp/
    Signatures: Reads runtime system information; Writes file to tmp directory
  - /bin/cat (PID 1511)
    Command: cat ntpd
  - /bin/chmod (PID 1512)
    Command: chmod +x badbox busybox config-err-gSYeSF ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118 netplan_escgt653 snap-private-tmp ssh-DGjiLaK51db6 systemd-private-7d704eabf2e542bc8051481b6b431471-bolt.service-e6jDAF systemd-private-7d704eabf2e542bc8051481b6b431471-colord.service-KeVe2N systemd-private-7d704eabf2e542bc8051481b6b431471-ModemManager.service-AQvz0Z systemd-private-7d704eabf2e542bc8051481b6b431471-systemd-resolved.service-Km8n5c systemd-private-7d704eabf2e542bc8051481b6b431471-systemd-timedated.service-0exMmn
    Signatures: File and Directory Permissions Modification
  - /tmp/badbox (PID 1513)
    Command: ./badbox
    Signatures: Executes dropped EXE
  - /bin/cat (PID 1516)
    Command: cat sshd
  - /bin/chmod (PID 1517)
    Command: chmod +x ... (identical argument list to PID 1512)
    Signatures: File and Directory Permissions Modification
  - /tmp/badbox (PID 1518)
    Command: ./badbox
    Signatures: Executes dropped EXE
  - /bin/cat (PID 1521)
    Command: cat openssh
  - /bin/chmod (PID 1522)
    Command: chmod +x ... (identical argument list to PID 1512)
    Signatures: File and Directory Permissions Modification
  - /tmp/badbox (PID 1523)
    Command: ./badbox
    Signatures: Executes dropped EXE
  - /bin/cat (PID 1526)
    Command: cat bash
  - /bin/chmod (PID 1527)
    Command: chmod +x ... (identical argument list to PID 1512)
    Signatures: File and Directory Permissions Modification
  - /tmp/badbox (PID 1528)
    Command: ./badbox
    Signatures: Executes dropped EXE
  - /bin/cat (PID 1531)
    Command: cat tftp
  - /bin/chmod (PID 1532)
    Command: chmod +x ... (identical argument list to PID 1512)
    Signatures: File and Directory Permissions Modification
  - /tmp/badbox (PID 1533)
    Command: ./badbox
    Signatures: Executes dropped EXE
  - /bin/cat (PID 1536)
    Command: cat wget
  - /bin/chmod (PID 1537)
    Command: chmod +x ... (identical argument list to PID 1512)
    Signatures: File and Directory Permissions Modification
  - /tmp/badbox (PID 1538)
    Command: ./badbox
    Signatures: Executes dropped EXE
  - /bin/cat (PID 1541)
    Command: cat cron
  - /bin/chmod (PID 1542)
    Command: chmod +x ... (identical argument list to PID 1512)
    Signatures: File and Directory Permissions Modification
  - /tmp/badbox (PID 1543)
    Command: ./badbox
    Signatures: Executes dropped EXE
  - /bin/cat (PID 1546)
    Command: cat ftp
  - /bin/chmod (PID 1547)
    Command: chmod +x ... (identical argument list to PID 1512)
    Signatures: File and Directory Permissions Modification
  - /tmp/badbox (PID 1548)
    Command: ./badbox
    Signatures: Executes dropped EXE
  - /bin/cat (PID 1551)
    Command: cat pftp
  - /bin/chmod (PID 1552)
    Command: chmod +x ... (identical argument list to PID 1512)
    Signatures: File and Directory Permissions Modification
  - /tmp/badbox (PID 1553)
    Command: ./badbox
    Signatures: Executes dropped EXE
  - /bin/cat (PID 1556)
    Command: cat sh
  - /bin/chmod (PID 1557)
    Command: chmod +x ... (identical argument list to PID 1512)
    Signatures: File and Directory Permissions Modification
  - /tmp/badbox (PID 1558)
    Command: ./badbox
    Signatures: Executes dropped EXE
  - /bin/cat (PID 1561)
    Command: cat " "
  - /bin/chmod (PID 1562)
    Command: chmod +x ... (identical argument list to PID 1512)
    Signatures: File and Directory Permissions Modification
  - /tmp/badbox (PID 1563)
    Command: ./badbox
    Signatures: Executes dropped EXE
  - /bin/cat (PID 1566)
    Command: cat apache2
  - /bin/chmod (PID 1567)
    Command: chmod +x ... (identical argument list to PID 1512)
    Signatures: File and Directory Permissions Modification
  - /tmp/badbox (PID 1568)
    Command: ./badbox
    Signatures: Executes dropped EXE
  - /bin/cat (PID 1571)
    Command: cat telnetd
  - /bin/chmod (PID 1572)
    Command: chmod +x ... (identical argument list to PID 1512)
    Signatures: File and Directory Permissions Modification
  - /tmp/badbox (PID 1573)
    Command: ./badbox
    Signatures: Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 2.0MB
MD5: b4dede5fc0b1bad5cb8e901bde126b97
SHA1: 10cbe9a418ad84a1ed297948539d37aeb58dd810
SHA256: a9f0735d28f9a6a4f2634d3b144156f7b3df3b476a16a5ab0c7bdf98d74dd020
SHA512: 45665ce3a42f63a01fdef517e0c4cb943efce64c8a32d3ce07ab4f1fafc23cda77f378d324342efc79dc9d2293c4b4454d06c1cf4997b9e866784de01cb546e6