Analysis Overview
SHA256
fb3a2b9fa8fce18c92a0523846a5caf15c0094bb4215ed5a1947a387f5a48365
Threat Level: Likely malicious
The file ff80371810dff12a679bf85583920a51_JaffaCakes118 was found to be likely malicious.
Malicious Activity Summary
Writes memory of remote process
Loads a kernel module
Reads runtime system information
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-09-29 23:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-29 23:32
Reported
2024-09-29 23:34
Platform
ubuntu2404-amd64-20240523-en
Max time kernel
135s
Max time network
148s
Command Line
Signatures
Writes memory of remote process
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/ff80371810dff12a679bf85583920a51_JaffaCakes118 | N/A |
| N/A | N/A | /tmp/ff80371810dff12a679bf85583920a51_JaffaCakes118 | N/A |
Loads a kernel module
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/ff80371810dff12a679bf85583920a51_JaffaCakes118 | N/A |
| N/A | N/A | /tmp/ff80371810dff12a679bf85583920a51_JaffaCakes118 | N/A |
| N/A | N/A | /tmp/ff80371810dff12a679bf85583920a51_JaffaCakes118 | N/A |
| N/A | N/A | /tmp/ff80371810dff12a679bf85583920a51_JaffaCakes118 | N/A |
| N/A | N/A | /tmp/ff80371810dff12a679bf85583920a51_JaffaCakes118 | N/A |
| N/A | N/A | /tmp/ff80371810dff12a679bf85583920a51_JaffaCakes118 | N/A |
| N/A | N/A | /tmp/ff80371810dff12a679bf85583920a51_JaffaCakes118 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /usr/bin/cp | N/A |
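The signature rows above name the behaviours but carry no indicator: they do not say which process the sample wrote to, what it passed to the module-loading syscall, or whether that call succeeded (the third signature fires on /usr/bin/cp, the system's own copy utility, not on the sample). The following is an added example, not code from the sandbox or from this report, that turns the first two signature families into detections over Linux auditd SYSCALL records, where the ptrace request (a0) and the success= field answer those questions. The audit lines are constructed to mirror the report's /tmp process and are not taken from the page; syscall numbers are x86_64 (arch=c000003e): ptrace=101, init_module=175, finit_module=313.

```python
"""Added example (not from the report): classify auditd SYSCALL records into
the sandbox's behaviour names for ptrace memory writes and module loads."""
import re
from collections import defaultdict

# Constructed audit records; a0..a3 are hex-encoded syscall arguments on auditd.
SAMPLE_AUDIT = """\
type=SYSCALL msg=audit(1727652720.101:41): arch=c000003e syscall=101 success=yes exit=0 a0=4 a1=5a3 a2=7ffd3c1f0a10 a3=90909090 pid=1432 ppid=1401 uid=0 comm="ff80371810dff12" exe="/tmp/ff80371810dff12a679bf85583920a51_JaffaCakes118" key="ptrace"
type=SYSCALL msg=audit(1727652720.102:42): arch=c000003e syscall=313 success=no exit=-1 a0=3 a1=0 a2=0 a3=0 pid=1432 ppid=1401 uid=0 comm="ff80371810dff12" exe="/tmp/ff80371810dff12a679bf85583920a51_JaffaCakes118" key="modules"
type=SYSCALL msg=audit(1727652720.103:43): arch=c000003e syscall=175 success=yes exit=0 a0=7f2c40000b60 a1=1a3c a2=7f2c40000ac0 a3=0 pid=1432 ppid=1401 uid=0 comm="ff80371810dff12" exe="/tmp/ff80371810dff12a679bf85583920a51_JaffaCakes118" key="modules"
type=SYSCALL msg=audit(1727652720.104:44): arch=c000003e syscall=101 success=yes exit=0 a0=10 a1=5a3 a2=0 a3=0 pid=1432 ppid=1401 uid=0 comm="ff80371810dff12" exe="/tmp/ff80371810dff12a679bf85583920a51_JaffaCakes118" key="ptrace"
type=SYSCALL msg=audit(1727652720.105:45): arch=c000003e syscall=101 success=yes exit=0 a0=5 a1=7b1 a2=7ffc1e2d0000 a3=0 pid=2201 ppid=1 uid=1000 comm="gdb" exe="/usr/bin/gdb" key="ptrace"
type=SYSCALL msg=audit(1727652720.106:46): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=7ffe12340000 a2=80000 a3=0 pid=1440 ppid=1432 uid=0 comm="cp" exe="/usr/bin/cp" key="proc_read"
"""

# ptrace requests that modify the tracee; PEEK* and PTRACE_ATTACH (0x10) do not.
PTRACE_WRITE_REQUESTS = {0x4: "PTRACE_POKETEXT", 0x5: "PTRACE_POKEDATA", 0x6: "PTRACE_POKEUSER"}
MODULE_SYSCALLS = {175: "init_module", 313: "finit_module"}
PTRACE = 101
# Assumption for this example: processes executing from these dirs are suspect.
STAGING_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_record(line):
    """Split one audit record into a dict; quoted values are unquoted."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}

def classify(rec):
    """Map a SYSCALL record to the report's behaviour name, or None.
    Only x86_64 records are handled; other arches have other syscall numbers."""
    if rec.get("type") != "SYSCALL" or rec.get("arch") != "c000003e":
        return None
    nr = int(rec.get("syscall", "-1"))
    if nr in MODULE_SYSCALLS:
        return "Loads a kernel module"
    if nr == PTRACE and int(rec.get("a0", "0"), 16) in PTRACE_WRITE_REQUESTS:
        return "Writes memory of remote process"
    return None

def evaluate(lines, staging_only=True):
    """Return {behaviour: [(pid, exe, succeeded)]}. With staging_only, keep
    only processes running out of a staging directory, like the report's
    /tmp sample; this drops legitimate tracers such as a debugger."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_record(line)
        behaviour = classify(rec)
        if behaviour is None:
            continue
        exe = rec.get("exe", "")
        if staging_only and not exe.startswith(STAGING_DIRS):
            continue
        hits[behaviour].append((rec.get("pid"), exe, rec.get("success") == "yes"))
    return dict(hits)

if __name__ == "__main__":
    for behaviour, events in evaluate(SAMPLE_AUDIT.splitlines()).items():
        print(behaviour)
        for pid, exe, ok in events:
            print(f"  pid={pid} exe={exe} success={ok}")
```

The success flag matters for the module signature: a failed finit_module (the sandbox runs the sample unprivileged unless stated otherwise, and the report does not say) is an attempt, not a loaded rootkit, and should be triaged differently from a successful init_module.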
Processes
/tmp/ff80371810dff12a679bf85583920a51_JaffaCakes118
[/tmp/ff80371810dff12a679bf85583920a51_JaffaCakes118]
/usr/bin/cp
[cp -f /tmp/ff80371810dff12a679bf85583920a51_JaffaCakes118 /lib/ff80371810dff12a679bf85583920a51_JaffaCakes118]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 2.redhat-up.com | udp |
| US | 8.8.4.4:53 | 2.redhat-up.com | udp |
| US | 174.139.175.108:80 | | tcp |
| US | 8.8.8.8:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | _http._tcp.security.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | security.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 8.8.8.8:53 | se.archive.ubuntu.com | udp |
| US | 91.189.91.83:80 | security.ubuntu.com | tcp |
| SE | 194.71.11.173:80 | se.archive.ubuntu.com | tcp |
| US | 8.8.8.8:53 | 2.redhat-up.com | udp |
| US | 8.8.4.4:53 | 2.redhat-up.com | udp |
| US | 174.139.175.108:80 | | tcp |
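Most rows in the table are the ubuntu2404 image's own background traffic rather than the sample's. The following is an added example, not part of the report, that separates the two using the rows above as constructed input. The allow-list is this example's assumption: the archive.ubuntu.com / security.ubuntu.com hosts and their _http._tcp SRV lookups belong to the image's package tooling, 224.0.0.251:5353 is mDNS, and 8.8.8.8 / 8.8.4.4 are the sandbox resolver. What remains is the sample's traffic: repeated lookups of 2.redhat-up.com and a TCP connection to 174.139.175.108:80. The report lists queries and connections but no DNS answers, so the pairing of that IP with that domain is an inference from ordering (lookup, lookup, connect, twice), not something the page states.

```python
"""Added example (not from the report): strip sandbox platform noise from a
detonation's network table and emit the sample's own indicators."""
import ipaddress
from collections import Counter

# Rows as (country, destination, domain, proto), copied from the table above;
# domain is "" where the report shows none.
NETWORK_ROWS = [
    ("N/A", "224.0.0.251:5353", "", "udp"),
    ("US", "8.8.8.8:53", "2.redhat-up.com", "udp"),
    ("US", "8.8.4.4:53", "2.redhat-up.com", "udp"),
    ("US", "174.139.175.108:80", "", "tcp"),
    ("US", "8.8.8.8:53", "_http._tcp.se.archive.ubuntu.com", "udp"),
    ("US", "8.8.8.8:53", "_http._tcp.security.ubuntu.com", "udp"),
    ("US", "8.8.8.8:53", "security.ubuntu.com", "udp"),
    ("US", "8.8.8.8:53", "security.ubuntu.com", "udp"),
    ("US", "8.8.8.8:53", "se.archive.ubuntu.com", "udp"),
    ("US", "8.8.8.8:53", "se.archive.ubuntu.com", "udp"),
    ("US", "91.189.91.83:80", "security.ubuntu.com", "tcp"),
    ("SE", "194.71.11.173:80", "se.archive.ubuntu.com", "tcp"),
    ("US", "8.8.8.8:53", "2.redhat-up.com", "udp"),
    ("US", "8.8.4.4:53", "2.redhat-up.com", "udp"),
    ("US", "174.139.175.108:80", "", "tcp"),
]

# Assumptions for this example: the sandbox resolver and the image's apt hosts.
RESOLVERS = {"8.8.8.8", "8.8.4.4"}
BENIGN_SUFFIXES = (".ubuntu.com",)

def split_dest(dest):
    """'ip:port' -> (ip, port)."""
    ip, _, port = dest.rpartition(":")
    return ip, port

def is_noise(dest, domain):
    """True for traffic attributable to the sandbox image rather than the sample."""
    ip, _ = split_dest(dest)
    if ipaddress.ip_address(ip).is_multicast:        # 224.0.0.251:5353 is mDNS
        return True
    name = domain.removeprefix("_http._tcp.")        # apt's SRV lookups
    return name.endswith(BENIGN_SUFFIXES)

def triage(rows):
    """Return (dns, endpoints): names the sample queried, with counts, and the
    non-resolver endpoints it connected to, with platform noise removed."""
    dns, endpoints = Counter(), Counter()
    for _, dest, domain, proto in rows:
        if is_noise(dest, domain):
            continue
        ip, port = split_dest(dest)
        if ip in RESOLVERS and port == "53":
            dns[domain] += 1
        else:
            endpoints[(dest, proto)] += 1
    return dns, endpoints

def to_iocs(dns, endpoints):
    """Flatten to hunting strings of the form domain:<name> and ip:<addr>."""
    out = {f"domain:{d}" for d in dns}
    out |= {f"ip:{split_dest(dest)[0]}" for dest, _ in endpoints}
    return sorted(out)

if __name__ == "__main__":
    dns, endpoints = triage(NETWORK_ROWS)
    print("queried:", dict(dns))
    print("contacted:", dict(endpoints))
    print("iocs:", to_iocs(dns, endpoints))
```

The allow-list is deliberately suffix-based rather than an exact host list so that mirror names (se.archive.ubuntu.com here; another region's mirror in another run) are still dropped; anything under a suffix you have not verified as platform traffic should stay on the suspect side.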
Files
/usr/lib/5d570686-37ee-11e2-b228-000c292cb65c
| MD5 | 8cdaebf5165f89c6a03fadc727e39f09 |
| SHA1 | f40723aaad902615ca8397d9c30b77c9e2ce77dd |
| SHA256 | 2993607ed496df8ae47650f392433c032b953d81548a289badcad9f45ffdcc3e |
| SHA512 | 4a5dfee9f0c661d58011b5e953a674101375185b3ad8dc58ec2b3afbefaf0f60fa31a13bba2946eb4c5aea9ee0e87cf1d31d9a7d35276b4b66435609889b6d63 |
/tmp/ff80371810dff12a679bf85583920a51_JaffaCakes118e
| MD5 | e236412fb598fd130d4c0c88cfb5d2ba |
| SHA1 | 626d970cf2251b4b6572d56d580da6bf2011b303 |
| SHA256 | efed8e0673d22e6bbabada6e6888274f0934794eedba1d1d68ea4c05a02a1126 |
| SHA512 | a61d4eac889548c1f1f5f3a747e9ce1f2a7afe8ae640d34776af2ec95589e7331efbee381e76bee0d7c09d2749a471ff1bc067bb94e0291c3509c72306815400 |
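The Processes section shows the sample copying itself to /lib/<its own name>, and the Files section shows a UUID-named file written under /usr/lib. The following is an added example, not part of the report, that hunts a host for those artifacts by filename pattern and by SHA-256 against the hashes listed above. One caveat it accounts for: Ubuntu 24.04 uses a merged /usr, where /lib is a symlink to usr/lib, so the cp destination /lib/<name> and the /usr/lib path in Files are the same directory; findings are de-duplicated by real path. The directory tree it builds for demonstration is constructed and its file contents will not hash to the report's values; the scanned directories and the UUID name pattern are this example's assumptions.

```python
"""Added example (not from the report): look for the dropped/copied files the
report describes under a host's library and temp directories."""
import hashlib
import os
import re
import tempfile

SAMPLE_NAME = "ff80371810dff12a679bf85583920a51_JaffaCakes118"
# SHA-256 values taken from this report.
KNOWN_SHA256 = {
    "fb3a2b9fa8fce18c92a0523846a5caf15c0094bb4215ed5a1947a387f5a48365": "submitted sample",
    "2993607ed496df8ae47650f392433c032b953d81548a289badcad9f45ffdcc3e": "/usr/lib/5d570686-37ee-11e2-b228-000c292cb65c",
    "efed8e0673d22e6bbabada6e6888274f0934794eedba1d1d68ea4c05a02a1126": "/tmp/ff80371810dff12a679bf85583920a51_JaffaCakes118e",
}
# Library directories normally hold no UUID-named regular files (assumption).
UUID_NAME = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
SCAN_DIRS = ("lib", "usr/lib", "tmp")   # relative to the scanned root

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def hunt(root="/"):
    """Return a sorted list of (real_path, reason). reason is 'hash' when the
    content matches a hash from the report, 'name' when only the filename
    matches the sample name or the UUID pattern. Only the top level of each
    directory is scanned, which is where the report writes."""
    findings = {}
    for rel in SCAN_DIRS:
        d = os.path.join(root, rel)
        if not os.path.isdir(d):
            continue
        for entry in os.listdir(d):
            p = os.path.join(d, entry)
            if not os.path.isfile(p):
                continue
            real = os.path.realpath(p)     # /lib and /usr/lib collapse here
            if real in findings:
                continue
            if sha256_of(p) in KNOWN_SHA256:
                findings[real] = "hash"
            elif entry.startswith(SAMPLE_NAME) or UUID_NAME.match(entry):
                findings[real] = "name"
    return sorted(findings.items())

def build_demo_tree():
    """Constructed layout mimicking the report on a merged-/usr host."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "usr", "lib"))
    os.makedirs(os.path.join(root, "tmp"))
    os.symlink("usr/lib", os.path.join(root, "lib"))
    # constructed contents; they do not hash to the report's values
    with open(os.path.join(root, "usr", "lib", "5d570686-37ee-11e2-b228-000c292cb65c"), "wb") as f:
        f.write(b"constructed payload\n")
    with open(os.path.join(root, "lib", SAMPLE_NAME), "wb") as f:   # via the symlink
        f.write(b"constructed copy\n")
    with open(os.path.join(root, "usr", "lib", "libc.so.6"), "wb") as f:
        f.write(b"not malware\n")
    return root

if __name__ == "__main__":
    for path, reason in hunt(build_demo_tree()):
        print(reason, path)
```

Run hunt("/") on a live host to check it; it hashes every top-level regular file in /lib, /usr/lib and /tmp, which is cheap compared with a full walk. A 'hash' finding is a match to this report; a 'name' finding needs a look at the file before acting on it.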