Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240611-en
  • resource tags

    arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    15/12/2024, 15:46

General

  • Target

    f4ac166ab3b83dfb05acb44a00978ea6_JaffaCakes118

  • Size

    30KB

  • MD5

    f4ac166ab3b83dfb05acb44a00978ea6

  • SHA1

    f35bad3e72abf1a3077171d13b676b2f2d7e5e5d

  • SHA256

    9aaba08a566dffe2923e9e5037baab65dc24f9bda8ee6e4ce03ce09418a66a4b

  • SHA512

    243043434be05b09b4e8a53fb8d8330b6e8178dc5e94f73c1560c1d3367e5279142d65552b32994334f286a6d3abe960b1f747a1c22e04782b5e8557e4049201

  • SSDEEP

    768:4IyvYLznDEB2iC+sD6PGL29pVhMJ8yoj63XjJgGlzDpbuR1JX:43YnnDEBI+siJpEJtV5VJu5

Malware Config

Extracted

Family

mirai

Botnet

UNST

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Mirai family
  • Contacts a large (20252) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 42 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/f4ac166ab3b83dfb05acb44a00978ea6_JaffaCakes118
    /tmp/f4ac166ab3b83dfb05acb44a00978ea6_JaffaCakes118
    1⤵
    • Modifies Watchdog functionality
    • Enumerates active TCP sockets
    • Reads system network configuration
    • Reads runtime system information
    PID:703

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads