Analysis
- max time kernel: 13s
- platform: debian-9_mips
- resource: debian9-mipsbe-20240611-en
- resource tags: arch:mips, image:debian9-mipsbe-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
- submitted: 21/09/2024, 08:56
Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118
  Resource: ubuntu1804-amd64-20240508-en
- Behavioral task: behavioral2
  Sample: ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118
  Resource: debian9-armhf-20240729-en
- Behavioral task: behavioral3
  Sample: ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118
  Resource: debian9-mipsbe-20240611-en
- Behavioral task: behavioral4
  Sample: ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118
  Resource: debian9-mipsel-20240418-en
General
- Target: ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118
- Size: 1KB
- MD5: ef74797ed93ffcc0506a4be0bf2fc3d8
- SHA1: df1af944cc6d2f580e879f7ffb5d902704728c46
- SHA256: 1c41c82bdbcea4eb23cde97b947e5a32a8a08511588780b0e3285f65a7ce2578
- SHA512: bf357fc02eeaa20a920d66d3e981aadddc45ec004fd31b72f34d020626cbfa5bcf57b72c12ac0db47b1e88d38d076e41d9dbad165d9e8ab86552a12c23a34a4d
Malware Config
Signatures
- File and Directory Permissions Modification (1 TTPs, 13 IoCs)
  Adversaries may modify file or directory permissions to evade defenses.
  pid  Process
  742  chmod
  711  chmod
  757  chmod
  763  chmod
  774  chmod
  779  chmod
  789  chmod
  750  chmod
  728  chmod
  736  chmod
  769  chmod
  720  chmod
  784  chmod
- Executes dropped EXE (13 IoCs)
  ioc          pid  Process
  /tmp/badbox  713  badbox
  /tmp/badbox  721  badbox
  /tmp/badbox  730  badbox
  /tmp/badbox  738  badbox
  /tmp/badbox  743  badbox
  /tmp/badbox  751  badbox
  /tmp/badbox  759  badbox
  /tmp/badbox  764  badbox
  /tmp/badbox  770  badbox
  /tmp/badbox  775  badbox
  /tmp/badbox  780  badbox
  /tmp/badbox  785  badbox
  /tmp/badbox  790  badbox
- Reads runtime system information
  description              ioc                Process
  File opened for reading  /proc/filesystems  cp
- Writes file to tmp directory (2 IoCs)
  Malware often drops required files in the /tmp directory.
  description                   ioc           Process
  File opened for modification  /tmp/busybox  cp
  File opened for modification  /tmp/badbox   ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118
Processes
- /tmp/ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118 (PID 698)
  command line: /tmp/ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118
  signatures: Writes file to tmp directory
  - /bin/cp (PID 704)
    command line: cp /bin/busybox /tmp/
    signatures: Reads runtime system information; Writes file to tmp directory
  - /bin/cat (PID 709)
    command line: cat ntpd
  - /bin/chmod (PID 711)
    command line: chmod +x badbox busybox ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118 systemd-private-ce7c6e8a3a3f4152b6b47b0b826ed39e-systemd-timedated.service-U4YAHY
    signatures: File and Directory Permissions Modification
  - /tmp/badbox (PID 713)
    command line: ./badbox
    signatures: Executes dropped EXE
  - /bin/cat (PID 717)
    command line: cat sshd
  - /bin/chmod (PID 720)
    command line: chmod +x badbox busybox ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118 systemd-private-ce7c6e8a3a3f4152b6b47b0b826ed39e-systemd-timedated.service-U4YAHY
    signatures: File and Directory Permissions Modification
  - /tmp/badbox (PID 721)
    command line: ./badbox
    signatures: Executes dropped EXE
  - /bin/cat (PID 726)
    command line: cat openssh
  - /bin/chmod (PID 728)
    command line: chmod +x badbox busybox ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118 systemd-private-ce7c6e8a3a3f4152b6b47b0b826ed39e-systemd-timedated.service-U4YAHY
    signatures: File and Directory Permissions Modification
  - /tmp/badbox (PID 730)
    command line: ./badbox
    signatures: Executes dropped EXE
  - /bin/cat (PID 734)
    command line: cat bash
  - /bin/chmod (PID 736)
    command line: chmod +x badbox busybox ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118 systemd-private-ce7c6e8a3a3f4152b6b47b0b826ed39e-systemd-timedated.service-U4YAHY
    signatures: File and Directory Permissions Modification
  - /tmp/badbox (PID 738)
    command line: ./badbox
    signatures: Executes dropped EXE
  - /bin/cat (PID 741)
    command line: cat tftp
  - /bin/chmod (PID 742)
    command line: chmod +x badbox busybox ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118 systemd-private-ce7c6e8a3a3f4152b6b47b0b826ed39e-systemd-timedated.service-U4YAHY
    signatures: File and Directory Permissions Modification
  - /tmp/badbox (PID 743)
    command line: ./badbox
    signatures: Executes dropped EXE
  - /bin/cat (PID 748)
    command line: cat wget
  - /bin/chmod (PID 750)
    command line: chmod +x badbox busybox ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118 systemd-private-ce7c6e8a3a3f4152b6b47b0b826ed39e-systemd-timedated.service-U4YAHY
    signatures: File and Directory Permissions Modification
  - /tmp/badbox (PID 751)
    command line: ./badbox
    signatures: Executes dropped EXE
  - /bin/cat (PID 756)
    command line: cat cron
  - /bin/chmod (PID 757)
    command line: chmod +x badbox busybox ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118 systemd-private-ce7c6e8a3a3f4152b6b47b0b826ed39e-systemd-timedated.service-U4YAHY
    signatures: File and Directory Permissions Modification
  - /tmp/badbox (PID 759)
    command line: ./badbox
    signatures: Executes dropped EXE
  - /bin/cat (PID 762)
    command line: cat ftp
  - /bin/chmod (PID 763)
    command line: chmod +x badbox busybox ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118 systemd-private-ce7c6e8a3a3f4152b6b47b0b826ed39e-systemd-timedated.service-U4YAHY
    signatures: File and Directory Permissions Modification
  - /tmp/badbox (PID 764)
    command line: ./badbox
    signatures: Executes dropped EXE
  - /bin/cat (PID 768)
    command line: cat pftp
  - /bin/chmod (PID 769)
    command line: chmod +x badbox busybox ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118 systemd-private-ce7c6e8a3a3f4152b6b47b0b826ed39e-systemd-timedated.service-U4YAHY
    signatures: File and Directory Permissions Modification
  - /tmp/badbox (PID 770)
    command line: ./badbox
    signatures: Executes dropped EXE
  - /bin/cat (PID 773)
    command line: cat sh
  - /bin/chmod (PID 774)
    command line: chmod +x badbox busybox ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118 systemd-private-ce7c6e8a3a3f4152b6b47b0b826ed39e-systemd-timedated.service-U4YAHY
    signatures: File and Directory Permissions Modification
  - /tmp/badbox (PID 775)
    command line: ./badbox
    signatures: Executes dropped EXE
  - /bin/cat (PID 778)
    command line: cat " "
  - /bin/chmod (PID 779)
    command line: chmod +x badbox busybox ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118 systemd-private-ce7c6e8a3a3f4152b6b47b0b826ed39e-systemd-timedated.service-U4YAHY
    signatures: File and Directory Permissions Modification
  - /tmp/badbox (PID 780)
    command line: ./badbox
    signatures: Executes dropped EXE
  - /bin/cat (PID 783)
    command line: cat apache2
  - /bin/chmod (PID 784)
    command line: chmod +x badbox busybox ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118 systemd-private-ce7c6e8a3a3f4152b6b47b0b826ed39e-systemd-timedated.service-U4YAHY
    signatures: File and Directory Permissions Modification
  - /tmp/badbox (PID 785)
    command line: ./badbox
    signatures: Executes dropped EXE
  - /bin/cat (PID 788)
    command line: cat telnetd
  - /bin/chmod (PID 789)
    command line: chmod +x badbox busybox ef74797ed93ffcc0506a4be0bf2fc3d8_JaffaCakes118 systemd-private-ce7c6e8a3a3f4152b6b47b0b826ed39e-systemd-timedated.service-U4YAHY
    signatures: File and Directory Permissions Modification
  - /tmp/badbox (PID 790)
    command line: ./badbox
    signatures: Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 857KB
  MD5: a39fe8036e559ce804e26518061e59ff
  SHA1: 8df27f6e8a48b762d945ea2f2b87390c80acd4de
  SHA256: 3180df117342646dcdc4c436f95b41e15587e2238ec59064b4b06c065d56cf38
  SHA512: e97756f316fceef7360e789362648529eea50eb6f7cc56cf654b3fc43ca61f0e4d9f366ed8fd59b73dd5a49615e935e9f53686d15f9a83c7fa472a70e7196d0d