20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987

Analysis

max time kernel
0s
max time network
134s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20221111-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20221111-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
24/11/2022, 03:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987
Size

5KB
MD5

06573b97f6ce7087309c52a24b3fd5d4
SHA1

9971a1324ea973e4c19065cf28e1144d8afe99ef
SHA256

20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987
SHA512

907b0fefe3580512acf8c9bcdf0e33a57738403fb9baef409484b5f9f1c42d4dfe6882f0a0d86bf4fcc8f8dec81aea75f008cc7a37eb18c86f429a7af91d67de
SSDEEP

96:VzalhcpOOQAnPGHhgmft8ryw/wBbaVYdIPd9aBqBZ6tspGU5qtkLQxkhV4x/EG3D:kc5QAqgm1yya0buwc0seoG4+uEYVK/Hz

Score

5^/10

Malware Config

Signatures

Reads runtime system information 17 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
/proc/filesystems	/proc/filesystems	tar
/proc/filesystems	/proc/filesystems	mv
/proc/filesystems	/proc/filesystems	mv
/proc/filesystems	/proc/filesystems	mv
/proc/filesystems	/proc/filesystems	tar
/proc/filesystems	/proc/filesystems	mv
/proc/filesystems	/proc/filesystems	mv
/proc/filesystems	/proc/filesystems	mv
/proc/filesystems	/proc/filesystems	mv
/proc/filesystems	/proc/filesystems	mv
/proc/filesystems	/proc/filesystems	mv
/proc/filesystems	/proc/filesystems	tar
/proc/filesystems	/proc/filesystems	mv
/proc/filesystems	/proc/filesystems	mv
/proc/filesystems	/proc/filesystems	mkdir
/proc/filesystems	/proc/filesystems	mv
/proc/filesystems	/proc/filesystems	ls

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
/tmp/20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987	/tmp/20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987	20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987

/tmp/20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987
/tmp/20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987
1⤵
- Writes file to tmp directory
PID:615
- /bin/tar
  tar -xzvf f00c0d3.tar.gz
  2⤵
  - Reads runtime system information
  PID:617
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 netplan_t6i_6u1r systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-resolved.service-kH4LvL systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-timesyncd.service-wpAqTm
  2⤵
  PID:619
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 netplan_t6i_6u1r systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-resolved.service-kH4LvL systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-timesyncd.service-wpAqTm
  2⤵
  PID:620
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 netplan_t6i_6u1r systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-resolved.service-kH4LvL systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-timesyncd.service-wpAqTm
  2⤵
  PID:621
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 netplan_t6i_6u1r systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-resolved.service-kH4LvL systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-timesyncd.service-wpAqTm
  2⤵
  PID:622
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 netplan_t6i_6u1r systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-resolved.service-kH4LvL systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-timesyncd.service-wpAqTm
  2⤵
  PID:623
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 netplan_t6i_6u1r systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-resolved.service-kH4LvL systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-timesyncd.service-wpAqTm
  2⤵
  PID:624
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 netplan_t6i_6u1r systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-resolved.service-kH4LvL systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-timesyncd.service-wpAqTm
  2⤵
  PID:625
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 netplan_t6i_6u1r systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-resolved.service-kH4LvL systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-timesyncd.service-wpAqTm
  2⤵
  PID:626
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 netplan_t6i_6u1r systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-resolved.service-kH4LvL systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-timesyncd.service-wpAqTm
  2⤵
  PID:627
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 netplan_t6i_6u1r systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-resolved.service-kH4LvL systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-timesyncd.service-wpAqTm
  2⤵
  PID:628
- /bin/mv
  mv 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 netplan_t6i_6u1r systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-resolved.service-kH4LvL systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-timesyncd.service-wpAqTm /tmp
  2⤵
  - Reads runtime system information
  PID:629
- /bin/mv
  mv udev udev1
  2⤵
  - Reads runtime system information
  PID:630
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 netplan_t6i_6u1r systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-resolved.service-kH4LvL systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-timesyncd.service-wpAqTm
  2⤵
  PID:631
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 netplan_t6i_6u1r systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-resolved.service-kH4LvL systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-timesyncd.service-wpAqTm
  2⤵
  PID:632
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 netplan_t6i_6u1r systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-resolved.service-kH4LvL systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-timesyncd.service-wpAqTm
  2⤵
  PID:633
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 netplan_t6i_6u1r systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-resolved.service-kH4LvL systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-timesyncd.service-wpAqTm
  2⤵
  PID:634
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 netplan_t6i_6u1r systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-resolved.service-kH4LvL systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-timesyncd.service-wpAqTm
  2⤵
  PID:635
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 netplan_t6i_6u1r systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-resolved.service-kH4LvL systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-timesyncd.service-wpAqTm
  2⤵
  PID:636
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 netplan_t6i_6u1r systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-resolved.service-kH4LvL systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-timesyncd.service-wpAqTm
  2⤵
  PID:637
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 netplan_t6i_6u1r systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-resolved.service-kH4LvL systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-timesyncd.service-wpAqTm
  2⤵
  PID:642
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 netplan_t6i_6u1r systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-resolved.service-kH4LvL systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-timesyncd.service-wpAqTm
  2⤵
  PID:643
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 netplan_t6i_6u1r systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-resolved.service-kH4LvL systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-timesyncd.service-wpAqTm
  2⤵
  PID:644
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 netplan_t6i_6u1r systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-resolved.service-kH4LvL systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-timesyncd.service-wpAqTm
  2⤵
  PID:645
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 netplan_t6i_6u1r systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-resolved.service-kH4LvL systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-timesyncd.service-wpAqTm
  2⤵
  PID:646
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 netplan_t6i_6u1r systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-resolved.service-kH4LvL systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-timesyncd.service-wpAqTm
  2⤵
  PID:647
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 netplan_t6i_6u1r systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-resolved.service-kH4LvL systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-timesyncd.service-wpAqTm
  2⤵
  PID:648
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 netplan_t6i_6u1r systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-resolved.service-kH4LvL systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-timesyncd.service-wpAqTm
  2⤵
  PID:649
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 netplan_t6i_6u1r systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-resolved.service-kH4LvL systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-timesyncd.service-wpAqTm
  2⤵
  PID:650
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 netplan_t6i_6u1r systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-resolved.service-kH4LvL systemd-private-43e06fefe01f479fa57136ccf4dcc622-systemd-timesyncd.service-wpAqTm
  2⤵
  PID:651
- /bin/mv
  mv getterm /tmp/zd/getterm
  2⤵
  - Reads runtime system information
  PID:652
- /usr/bin/gcc
  gcc apple.c -o apple
  2⤵
  PID:653
- /usr/bin/gcc
  gcc full-nelson-fixed.c -o full-nelson-fixed1
  2⤵
  PID:654
- /usr/bin/gcc
  gcc payload.c -o payload
  2⤵
  PID:655
- /usr/bin/gcc
  gcc ptrace_attach-fixed.c -o ptrace_attach-fixed
  2⤵
  PID:656
- /usr/bin/gcc
  gcc rds-fixed.c -o rds-fixed1
  2⤵
  PID:657
- /usr/bin/gcc
  gcc -o udpsendmsg-fixed udpsendmsg-fixed.c
  2⤵
  PID:658
- /usr/bin/gcc
  gcc 0x82.c -o 0x821
  2⤵
  PID:659
- /usr/bin/gcc
  gcc 0x82-simple.c -o 0x82-simple1
  2⤵
  PID:660
- /usr/bin/gcc
  gcc linux-sendpage.c -o linux-sendpage1
  2⤵
  PID:661
- /usr/bin/gcc
  gcc udp_sendmsg.c -o udp_sendmsg1
  2⤵
  PID:662
- /usr/bin/gcc
  gcc 32.c -o 321
  2⤵
  PID:663
- /usr/bin/gcc
  gcc andi.c -o andi1
  2⤵
  PID:664
- /usr/bin/gcc
  gcc exploit.c -o exploit1
  2⤵
  PID:665
- /usr/bin/gcc
  gcc ppc.c -o ppc1
  2⤵
  PID:666
- /usr/bin/gcc
  gcc simple.c -o simple1
  2⤵
  PID:667
- /usr/bin/gcc
  gcc 2.6.31-2010.c -o 2.6.31-2010
  2⤵
  PID:668
- /usr/bin/gcc
  gcc ab.c -o ab
  2⤵
  PID:669
- /usr/bin/gcc
  gcc american-sign-language.c -o american-sign-language
  2⤵
  PID:670
- /usr/bin/gcc
  gcc caps-to-root2.c -o caps-to-root2
  2⤵
  PID:671
- /usr/bin/gcc
  gcc CVE-2010-2963.c -o CVE-2010-2963
  2⤵
  PID:672
- /usr/bin/gcc
  gcc cve-2010-3437.c -o cve-2010-3437
  2⤵
  PID:673
- /usr/bin/gcc
  gcc CVE-2010-3904.c -o CVE-2010-3904
  2⤵
  PID:674
- /usr/bin/gcc
  gcc full-nelson.c -o full-nelson
  2⤵
  PID:675
- /usr/bin/gcc
  gcc i-can-haz-modharden.c -o i-can-haz-modharden
  2⤵
  PID:676
- /usr/bin/gcc
  gcc robert_you_suck.c -o robert_you_suck
  2⤵
  PID:677
- /usr/bin/gcc
  gcc setup_arg_pages.c -o setup_arg_pages
  2⤵
  PID:678
- /bin/mv
  mv /tmp/sh/0.sh /tmp/f00c0d3/0/0.sh
  2⤵
  - Reads runtime system information
  PID:679
- /bin/mv
  mv /tmp/sh/1.sh /tmp/f00c0d3/1/1.sh
  2⤵
  - Reads runtime system information
  PID:680
- /bin/mv
  mv /tmp/sh/2.sh /tmp/f00c0d3/2/2.sh
  2⤵
  - Reads runtime system information
  PID:681
- /bin/mv
  mv /tmp/sh/3.sh /tmp/f00c0d3/3/3.sh
  2⤵
  - Reads runtime system information
  PID:682
- /bin/mv
  mv /tmp/sh/c.sh /tmp/f00c0d3/c/c.sh
  2⤵
  - Reads runtime system information
  PID:683
- /bin/mv
  mv /tmp/sh/fcm.sh /tmp/f00c0d3/fcm.sh
  2⤵
  - Reads runtime system information
  PID:684
- /bin/mkdir
  mkdir e
  2⤵
  - Reads runtime system information
  PID:685
- /bin/mv
  mv e.tar.gz e
  2⤵
  - Reads runtime system information
  PID:686
- /bin/tar
  tar -xzvf e.tar.gz
  2⤵
  - Reads runtime system information
  PID:687
- /usr/bin/gcc
  gcc -O2 -o fs2 fs1.c
  2⤵
  PID:689
- /usr/bin/gcc
  gcc fsn.c -o fsz
  2⤵
  PID:690
- /bin/mv
  mv /tmp/sh/testm.pl /tmp/e
  2⤵
  - Reads runtime system information
  PID:691
- /bin/mv
  mv /tmp/sh/e.sh /tmp/e
  2⤵
  - Reads runtime system information
  PID:692
- /bin/chmod
  chmod +x "*"
  2⤵
  PID:693
- /usr/bin/gcc
  gcc -Wall -o 02.x86_845.32 02.x86_845.c
  2⤵
  PID:694
- /usr/bin/gcc
  gcc -Wall -m64 -o 02.x86_845.64 02.x86_845.c
  2⤵
  PID:695
- /usr/bin/gcc
  gcc -Wall -o 03.2.6.3.any-x86_64.32 03.2.6.3.any-x86_64.c
  2⤵
  PID:696
- /usr/bin/gcc
  gcc -Wall -m64 -o 03.2.6.3.any-x86_64.64 03.2.6.3.any-x86_64.c
  2⤵
  PID:697
- /usr/bin/gcc
  gcc 08.LTE.3.0.alpha-omega.c -o alpha-omega
  2⤵
  PID:698
- /usr/bin/gcc
  gcc -Wall -m64 -o alpha-omega.64 08.LTE.3.0.alpha-omega.c
  2⤵
  PID:699
- /usr/bin/gcc
  gcc -Wall -o 09.2.6.18-128-1.32 09.2.6.18-128-1.c
  2⤵
  PID:700
- /usr/bin/gcc
  gcc -Wall -m64 -o 09.2.6.18-128-1.64 09.2.6.18-128-1.c
  2⤵
  PID:701
- /usr/bin/gcc
  gcc -Wall -o 09.LT.3.8.9.x86_64.32 09.LT.3.8.9.x86_64.c
  2⤵
  PID:702
- /usr/bin/gcc
  gcc -Wall -m64 -o 09.LT.3.8.9.x86_64.64 09.LT.3.8.9.x86_64.c
  2⤵
  PID:703
- /usr/bin/gcc
  gcc -O2 09.LTE.2.6.37-3.x.x.x86_64.semtex.c
  2⤵
  PID:704
- /usr/bin/gcc
  gcc -Wall -m64 -o 09.LTE.2.6.37-3.x.x.x86_64.semtex.64 09.LTE.2.6.37-3.x.x.x86_64.semtex.c
  2⤵
  PID:705
- /usr/bin/gcc
  gcc -Wall -o 10.2.6.18-128-1.linux-sendpage.32 10.2.6.18-128-1.linux-sendpage.c
  2⤵
  PID:706
- /usr/bin/gcc
  gcc -Wall -m64 -o 10.2.6.18-128-1.linux-sendpage.64 10.2.6.18-128-1.linux-sendpage.c
  2⤵
  PID:707
- /usr/bin/gcc
  gcc -Wall -o 2-6-18-164-194.LocalRoot.32 2-6-18-164-194.LocalRoot.c
  2⤵
  PID:708
- /usr/bin/gcc
  gcc -Wall -m64 -o 2-6-18-164-194.LocalRoot.64 2-6-18-164-194.LocalRoot.c
  2⤵
  PID:709
- /usr/bin/gcc
  gcc -Wall -o 2-6-18.1.32 2-6-18.1.c
  2⤵
  PID:710
- /usr/bin/gcc
  gcc -Wall -m64 -o 2-6-18.1.64 2-6-18.1.c
  2⤵
  PID:711
- /usr/bin/gcc
  gcc -Wall -o 2-6-18.32 2-6-18.c
  2⤵
  PID:712
- /usr/bin/gcc
  gcc -Wall -m64 -o 2-6-18.64 2-6-18.c
  2⤵
  PID:713
- /usr/bin/gcc
  gcc -Wall -o 2.6.18-128-2010.32 2.6.18-128-2010.c
  2⤵
  PID:714
- /usr/bin/gcc
  gcc -Wall -m64 -o 2.6.18-128-2010.64 2.6.18-128-2010.c
  2⤵
  PID:715
- /usr/bin/gcc
  gcc -Wall -o 2.6.18-128-private.32 2.6.18-128-private.c
  2⤵
  PID:716
- /usr/bin/gcc
  gcc -Wall -m64 -o 2.6.18-128-private.64 2.6.18-128-private.c
  2⤵
  PID:717
- /usr/bin/gcc
  gcc -Wall -o 2.6.18-128.32 2.6.18-128.c
  2⤵
  PID:718
- /usr/bin/gcc
  gcc -Wall -m64 -o 2.6.18-128.64 2.6.18-128.c
  2⤵
  PID:719
- /usr/bin/gcc
  gcc -w -o 2.6.18-128.el5.and.2.6.9-89.EL.32 2.6.18-128.el5.and.2.6.9-89.EL.c
  2⤵
  PID:720
- /usr/bin/gcc
  gcc -w -m64 -o 2.6.18-128.el5.and.2.6.9-89.EL.64 2.6.18-128.el5.and.2.6.9-89.EL.c
  2⤵
  PID:721
- /usr/bin/gcc
  gcc -Wall -o 2.6.18-164-priv.32 2.6.18-164-priv.c
  2⤵
  PID:722
- /usr/bin/gcc
  gcc -Wall -m64 -o 2.6.18-164-priv.64 2.6.18-164-priv.c
  2⤵
  PID:723
- /usr/bin/gcc
  gcc -Wall -o 2.6.18-194.32 2.6.18-194.c
  2⤵
  PID:724
- /usr/bin/gcc
  gcc -Wall -m64 -o 2.6.18-194.64 2.6.18-194.c
  2⤵
  PID:725
- /usr/bin/gcc
  gcc -Wall -o 2.6.18-20.32 2.6.18-20.c
  2⤵
  PID:726
- /usr/bin/gcc
  gcc -Wall -m64 -o 2.6.18-20.64 2.6.18-20.c
  2⤵
  PID:727
- /usr/bin/gcc
  gcc -Wall -o 2.6.18-374.32 2.6.18-374.c
  2⤵
  PID:728
- /usr/bin/gcc
  gcc -Wall -m64 -o 2.6.18-374.64 2.6.18-374.c
  2⤵
  PID:729
- /usr/bin/gcc
  gcc -Wall -o 2.6.18-6.32 2.6.18-6.c
  2⤵
  PID:730
- /usr/bin/gcc
  gcc -Wall -m64 -o 2.6.18-6.64 2.6.18-6.c
  2⤵
  PID:731
- /usr/bin/gcc
  gcc -o 2.6.18-6.32 2.6.18-6.c
  2⤵
  PID:732
- /usr/bin/gcc
  gcc -Wall -m64 -o 2.6.18-6.64 2.6.18-6.c
  2⤵
  PID:733
- /usr/bin/gcc
  gcc -Wall -o 2.6.18.194-privete.32 2.6.18.194-privete.c
  2⤵
  PID:734
- /usr/bin/gcc
  gcc -Wall -m64 -o 2.6.18.194-privete.64 2.6.18.194-privete.c
  2⤵
  PID:735
- /usr/bin/gcc
  gcc -Wall -o 2.6.18.2.32 2.6.18.2.c
  2⤵
  PID:736
- /usr/bin/gcc
  gcc -Wall -m64 -o 2.6.18.2.64 2.6.18.2.c
  2⤵
  PID:737
- /usr/bin/gcc
  gcc -o 2.6.18.32 2.6.18.c
  2⤵
  PID:738
- /usr/bin/gcc
  gcc -Wall -m64 -o 2.6.18.64 2.6.18.c
  2⤵
  PID:739
- /usr/bin/gcc
  gcc -Wall -o 23.2.6.18-20.32 23.2.6.18-20.c
  2⤵
  PID:740
- /usr/bin/gcc
  gcc -Wall -m64 -o 23.2.6.18-20.64 23.2.6.18-20.c
  2⤵
  PID:741
- /usr/bin/gcc
  gcc -Wall -o 2530363.32 2530363.c
  2⤵
  PID:742
- /usr/bin/gcc
  gcc -Wall -m64 -o 2530363.64 2530363.c
  2⤵
  PID:743
- /usr/bin/gcc
  gcc -Wall -o 999.LTE.2.6.37-3.x.x.x86_64.semtex.32 999.LTE.2.6.37-3.x.x.x86_64.semtex.c
  2⤵
  PID:744
- /usr/bin/gcc
  gcc -Wall -m64 -o 999.LTE.2.6.37-3.x.x.x86_64.semtex.64 999.LTE.2.6.37-3.x.x.x86_64.semtex.c
  2⤵
  PID:745
- /usr/bin/gcc
  gcc -Wall -o LT.3.8.9.userns_root_sploit.32 LT.3.8.9.userns_root_sploit.c
  2⤵
  PID:746
- /usr/bin/gcc
  gcc -Wall -m64 -o LT.3.8.9.userns_root_sploit.64 LT.3.8.9.userns_root_sploit.c
  2⤵
  PID:747
- /usr/bin/gcc
  gcc -Wall -o abftw.32 abftw.c
  2⤵
  PID:748
- /usr/bin/gcc
  gcc -Wall -m64 -o abftw.64 abftw.c
  2⤵
  PID:749
- /usr/bin/gcc
  gcc -Wall -o sambal.32 sambal.c
  2⤵
  PID:750
- /usr/bin/gcc
  gcc -Wall -m64 -o sambal.64 sambal.c
  2⤵
  PID:751
- /bin/tar
  tar -zxvf CVE-2014-5119.tar.gz
  2⤵
  - Reads runtime system information
  PID:752
- /bin/ls
  ls -al
  2⤵
  - Reads runtime system information
  PID:754

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads