c8914ea451d41f7e75e8b03c649b7a53a4aab52cd2f517f1d93dee19ef5221b7

Analysis

max time kernel
41s
max time network
152s
platform
debian-12_armhf
resource
debian12-armhf-20240729-en
resource tags

arch:armhfimage:debian12-armhf-20240729-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
31/12/2024, 15:20

Target

JaffaCakes118_248db6aafaf0d1595c6fdfb2b3e79276
Size

52KB
MD5

248db6aafaf0d1595c6fdfb2b3e79276
SHA1

d5d24bd25c4b0ccbf65b631e5db7ff4a9d56fd06
SHA256

c8914ea451d41f7e75e8b03c649b7a53a4aab52cd2f517f1d93dee19ef5221b7
SHA512

83a557b947aa3e3f6cf7cc6837f79541bbf589c991330710a97932b90af0d2257953391172abe75daf929c468705ba4829f78420702414c3eef6a5baf01d0fdf
SSDEEP

1536:O3n/AinH8TWlAfRonHZ6idq18KHEY2EVxOa3x5deG:tq5HMidqi3mU

Score

9^/10

discovery

Contacts a large (227651) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	111111111111111111111111111111111111111111111111111	707	JaffaCakes118_248db6aafaf0d1595c6fdfb2b3e79276

/tmp/JaffaCakes118_248db6aafaf0d1595c6fdfb2b3e79276
/tmp/JaffaCakes118_248db6aafaf0d1595c6fdfb2b3e79276
1⤵
- Changes its process name
PID:707

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact