20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987

Analysis

max time kernel
0s
max time network
128s
platform
debian-9_armhf
resource
debian9-armhf-20221111-en
resource tags

arch:armhfimage:debian9-armhf-20221111-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
24/11/2022, 03:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987
Size

5KB
MD5

06573b97f6ce7087309c52a24b3fd5d4
SHA1

9971a1324ea973e4c19065cf28e1144d8afe99ef
SHA256

20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987
SHA512

907b0fefe3580512acf8c9bcdf0e33a57738403fb9baef409484b5f9f1c42d4dfe6882f0a0d86bf4fcc8f8dec81aea75f008cc7a37eb18c86f429a7af91d67de
SSDEEP

96:VzalhcpOOQAnPGHhgmft8ryw/wBbaVYdIPd9aBqBZ6tspGU5qtkLQxkhV4x/EG3D:kc5QAqgm1yya0buwc0seoG4+uEYVK/Hz

Score

5^/10

Malware Config

Signatures

Reads runtime system information 17 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
/proc/filesystems	/proc/filesystems	tar
/proc/filesystems	/proc/filesystems	mv
/proc/filesystems	/proc/filesystems	tar
/proc/filesystems	/proc/filesystems	mv
/proc/filesystems	/proc/filesystems	mv
/proc/filesystems	/proc/filesystems	mv
/proc/filesystems	/proc/filesystems	mv
/proc/filesystems	/proc/filesystems	mv
/proc/filesystems	/proc/filesystems	mv
/proc/filesystems	/proc/filesystems	mv
/proc/filesystems	/proc/filesystems	tar
/proc/filesystems	/proc/filesystems	mv
/proc/filesystems	/proc/filesystems	mv
/proc/filesystems	/proc/filesystems	ls
/proc/filesystems	/proc/filesystems	mv
/proc/filesystems	/proc/filesystems	mv
/proc/filesystems	/proc/filesystems	mkdir

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
/tmp/20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987	/tmp/20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987	20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987

/tmp/20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987
/tmp/20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987
1⤵
- Writes file to tmp directory
PID:353
- /bin/tar
  tar -xzvf f00c0d3.tar.gz
  2⤵
  - Reads runtime system information
  PID:356
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 systemd-private-3ca7c509335740d2b9546c90cd182975-systemd-timesyncd.service-nvSslD
  2⤵
  PID:361
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 systemd-private-3ca7c509335740d2b9546c90cd182975-systemd-timesyncd.service-nvSslD
  2⤵
  PID:362
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 systemd-private-3ca7c509335740d2b9546c90cd182975-systemd-timesyncd.service-nvSslD
  2⤵
  PID:363
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 systemd-private-3ca7c509335740d2b9546c90cd182975-systemd-timesyncd.service-nvSslD
  2⤵
  PID:364
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 systemd-private-3ca7c509335740d2b9546c90cd182975-systemd-timesyncd.service-nvSslD
  2⤵
  PID:365
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 systemd-private-3ca7c509335740d2b9546c90cd182975-systemd-timesyncd.service-nvSslD
  2⤵
  PID:366
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 systemd-private-3ca7c509335740d2b9546c90cd182975-systemd-timesyncd.service-nvSslD
  2⤵
  PID:367
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 systemd-private-3ca7c509335740d2b9546c90cd182975-systemd-timesyncd.service-nvSslD
  2⤵
  PID:368
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 systemd-private-3ca7c509335740d2b9546c90cd182975-systemd-timesyncd.service-nvSslD
  2⤵
  PID:369
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 systemd-private-3ca7c509335740d2b9546c90cd182975-systemd-timesyncd.service-nvSslD
  2⤵
  PID:370
- /bin/mv
  mv 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 systemd-private-3ca7c509335740d2b9546c90cd182975-systemd-timesyncd.service-nvSslD /tmp
  2⤵
  - Reads runtime system information
  PID:371
- /bin/mv
  mv udev udev1
  2⤵
  - Reads runtime system information
  PID:372
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 systemd-private-3ca7c509335740d2b9546c90cd182975-systemd-timesyncd.service-nvSslD
  2⤵
  PID:373
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 systemd-private-3ca7c509335740d2b9546c90cd182975-systemd-timesyncd.service-nvSslD
  2⤵
  PID:374
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 systemd-private-3ca7c509335740d2b9546c90cd182975-systemd-timesyncd.service-nvSslD
  2⤵
  PID:375
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 systemd-private-3ca7c509335740d2b9546c90cd182975-systemd-timesyncd.service-nvSslD
  2⤵
  PID:376
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 systemd-private-3ca7c509335740d2b9546c90cd182975-systemd-timesyncd.service-nvSslD
  2⤵
  PID:377
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 systemd-private-3ca7c509335740d2b9546c90cd182975-systemd-timesyncd.service-nvSslD
  2⤵
  PID:378
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 systemd-private-3ca7c509335740d2b9546c90cd182975-systemd-timesyncd.service-nvSslD
  2⤵
  PID:379
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 systemd-private-3ca7c509335740d2b9546c90cd182975-systemd-timesyncd.service-nvSslD
  2⤵
  PID:380
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 systemd-private-3ca7c509335740d2b9546c90cd182975-systemd-timesyncd.service-nvSslD
  2⤵
  PID:382
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 systemd-private-3ca7c509335740d2b9546c90cd182975-systemd-timesyncd.service-nvSslD
  2⤵
  PID:383
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 systemd-private-3ca7c509335740d2b9546c90cd182975-systemd-timesyncd.service-nvSslD
  2⤵
  PID:385
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 systemd-private-3ca7c509335740d2b9546c90cd182975-systemd-timesyncd.service-nvSslD
  2⤵
  PID:386
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 systemd-private-3ca7c509335740d2b9546c90cd182975-systemd-timesyncd.service-nvSslD
  2⤵
  PID:387
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 systemd-private-3ca7c509335740d2b9546c90cd182975-systemd-timesyncd.service-nvSslD
  2⤵
  PID:388
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 systemd-private-3ca7c509335740d2b9546c90cd182975-systemd-timesyncd.service-nvSslD
  2⤵
  PID:389
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 systemd-private-3ca7c509335740d2b9546c90cd182975-systemd-timesyncd.service-nvSslD
  2⤵
  PID:390
- /bin/chmod
  chmod +x 20c32ad6e0392d3e664fe8c82649552bdf094b14c5585267a044dc4fdcc5e987 systemd-private-3ca7c509335740d2b9546c90cd182975-systemd-timesyncd.service-nvSslD
  2⤵
  PID:391
- /bin/mv
  mv getterm /tmp/zd/getterm
  2⤵
  - Reads runtime system information
  PID:392
- /usr/bin/gcc
  gcc apple.c -o apple
  2⤵
  PID:393
- /usr/bin/gcc
  gcc full-nelson-fixed.c -o full-nelson-fixed1
  2⤵
  PID:394
- /usr/bin/gcc
  gcc payload.c -o payload
  2⤵
  PID:395
- /usr/bin/gcc
  gcc ptrace_attach-fixed.c -o ptrace_attach-fixed
  2⤵
  PID:396
- /usr/bin/gcc
  gcc rds-fixed.c -o rds-fixed1
  2⤵
  PID:397
- /usr/bin/gcc
  gcc -o udpsendmsg-fixed udpsendmsg-fixed.c
  2⤵
  PID:398
- /usr/bin/gcc
  gcc 0x82.c -o 0x821
  2⤵
  PID:399
- /usr/bin/gcc
  gcc 0x82-simple.c -o 0x82-simple1
  2⤵
  PID:400
- /usr/bin/gcc
  gcc linux-sendpage.c -o linux-sendpage1
  2⤵
  PID:401
- /usr/bin/gcc
  gcc udp_sendmsg.c -o udp_sendmsg1
  2⤵
  PID:402
- /usr/bin/gcc
  gcc 32.c -o 321
  2⤵
  PID:403
- /usr/bin/gcc
  gcc andi.c -o andi1
  2⤵
  PID:404
- /usr/bin/gcc
  gcc exploit.c -o exploit1
  2⤵
  PID:405
- /usr/bin/gcc
  gcc ppc.c -o ppc1
  2⤵
  PID:406
- /usr/bin/gcc
  gcc simple.c -o simple1
  2⤵
  PID:407
- /usr/bin/gcc
  gcc 2.6.31-2010.c -o 2.6.31-2010
  2⤵
  PID:408
- /usr/bin/gcc
  gcc ab.c -o ab
  2⤵
  PID:409
- /usr/bin/gcc
  gcc american-sign-language.c -o american-sign-language
  2⤵
  PID:410
- /usr/bin/gcc
  gcc caps-to-root2.c -o caps-to-root2
  2⤵
  PID:411
- /usr/bin/gcc
  gcc CVE-2010-2963.c -o CVE-2010-2963
  2⤵
  PID:412
- /usr/bin/gcc
  gcc cve-2010-3437.c -o cve-2010-3437
  2⤵
  PID:413
- /usr/bin/gcc
  gcc CVE-2010-3904.c -o CVE-2010-3904
  2⤵
  PID:414
- /usr/bin/gcc
  gcc full-nelson.c -o full-nelson
  2⤵
  PID:415
- /usr/bin/gcc
  gcc i-can-haz-modharden.c -o i-can-haz-modharden
  2⤵
  PID:416
- /usr/bin/gcc
  gcc robert_you_suck.c -o robert_you_suck
  2⤵
  PID:417
- /usr/bin/gcc
  gcc setup_arg_pages.c -o setup_arg_pages
  2⤵
  PID:418
- /bin/mv
  mv /tmp/sh/0.sh /tmp/f00c0d3/0/0.sh
  2⤵
  - Reads runtime system information
  PID:419
- /bin/mv
  mv /tmp/sh/1.sh /tmp/f00c0d3/1/1.sh
  2⤵
  - Reads runtime system information
  PID:420
- /bin/mv
  mv /tmp/sh/2.sh /tmp/f00c0d3/2/2.sh
  2⤵
  - Reads runtime system information
  PID:421
- /bin/mv
  mv /tmp/sh/3.sh /tmp/f00c0d3/3/3.sh
  2⤵
  - Reads runtime system information
  PID:422
- /bin/mv
  mv /tmp/sh/c.sh /tmp/f00c0d3/c/c.sh
  2⤵
  - Reads runtime system information
  PID:423
- /bin/mv
  mv /tmp/sh/fcm.sh /tmp/f00c0d3/fcm.sh
  2⤵
  - Reads runtime system information
  PID:424
- /bin/mkdir
  mkdir e
  2⤵
  - Reads runtime system information
  PID:425
- /bin/mv
  mv e.tar.gz e
  2⤵
  - Reads runtime system information
  PID:426
- /bin/tar
  tar -xzvf e.tar.gz
  2⤵
  - Reads runtime system information
  PID:427
- /usr/bin/gcc
  gcc -O2 -o fs2 fs1.c
  2⤵
  PID:429
- /usr/bin/gcc
  gcc fsn.c -o fsz
  2⤵
  PID:430
- /bin/mv
  mv /tmp/sh/testm.pl /tmp/e
  2⤵
  - Reads runtime system information
  PID:431
- /bin/mv
  mv /tmp/sh/e.sh /tmp/e
  2⤵
  - Reads runtime system information
  PID:432
- /bin/chmod
  chmod +x "*"
  2⤵
  PID:433
- /usr/bin/gcc
  gcc -Wall -o 02.x86_845.32 02.x86_845.c
  2⤵
  PID:434
- /usr/bin/gcc
  gcc -Wall -m64 -o 02.x86_845.64 02.x86_845.c
  2⤵
  PID:435
- /usr/bin/gcc
  gcc -Wall -o 03.2.6.3.any-x86_64.32 03.2.6.3.any-x86_64.c
  2⤵
  PID:436
- /usr/bin/gcc
  gcc -Wall -m64 -o 03.2.6.3.any-x86_64.64 03.2.6.3.any-x86_64.c
  2⤵
  PID:437
- /usr/bin/gcc
  gcc 08.LTE.3.0.alpha-omega.c -o alpha-omega
  2⤵
  PID:438
- /usr/bin/gcc
  gcc -Wall -m64 -o alpha-omega.64 08.LTE.3.0.alpha-omega.c
  2⤵
  PID:439
- /usr/bin/gcc
  gcc -Wall -o 09.2.6.18-128-1.32 09.2.6.18-128-1.c
  2⤵
  PID:440
- /usr/bin/gcc
  gcc -Wall -m64 -o 09.2.6.18-128-1.64 09.2.6.18-128-1.c
  2⤵
  PID:441
- /usr/bin/gcc
  gcc -Wall -o 09.LT.3.8.9.x86_64.32 09.LT.3.8.9.x86_64.c
  2⤵
  PID:442
- /usr/bin/gcc
  gcc -Wall -m64 -o 09.LT.3.8.9.x86_64.64 09.LT.3.8.9.x86_64.c
  2⤵
  PID:443
- /usr/bin/gcc
  gcc -O2 09.LTE.2.6.37-3.x.x.x86_64.semtex.c
  2⤵
  PID:444
- /usr/bin/gcc
  gcc -Wall -m64 -o 09.LTE.2.6.37-3.x.x.x86_64.semtex.64 09.LTE.2.6.37-3.x.x.x86_64.semtex.c
  2⤵
  PID:445
- /usr/bin/gcc
  gcc -Wall -o 10.2.6.18-128-1.linux-sendpage.32 10.2.6.18-128-1.linux-sendpage.c
  2⤵
  PID:446
- /usr/bin/gcc
  gcc -Wall -m64 -o 10.2.6.18-128-1.linux-sendpage.64 10.2.6.18-128-1.linux-sendpage.c
  2⤵
  PID:447
- /usr/bin/gcc
  gcc -Wall -o 2-6-18-164-194.LocalRoot.32 2-6-18-164-194.LocalRoot.c
  2⤵
  PID:448
- /usr/bin/gcc
  gcc -Wall -m64 -o 2-6-18-164-194.LocalRoot.64 2-6-18-164-194.LocalRoot.c
  2⤵
  PID:449
- /usr/bin/gcc
  gcc -Wall -o 2-6-18.1.32 2-6-18.1.c
  2⤵
  PID:450
- /usr/bin/gcc
  gcc -Wall -m64 -o 2-6-18.1.64 2-6-18.1.c
  2⤵
  PID:451
- /usr/bin/gcc
  gcc -Wall -o 2-6-18.32 2-6-18.c
  2⤵
  PID:452
- /usr/bin/gcc
  gcc -Wall -m64 -o 2-6-18.64 2-6-18.c
  2⤵
  PID:453
- /usr/bin/gcc
  gcc -Wall -o 2.6.18-128-2010.32 2.6.18-128-2010.c
  2⤵
  PID:454
- /usr/bin/gcc
  gcc -Wall -m64 -o 2.6.18-128-2010.64 2.6.18-128-2010.c
  2⤵
  PID:455
- /usr/bin/gcc
  gcc -Wall -o 2.6.18-128-private.32 2.6.18-128-private.c
  2⤵
  PID:456
- /usr/bin/gcc
  gcc -Wall -m64 -o 2.6.18-128-private.64 2.6.18-128-private.c
  2⤵
  PID:457
- /usr/bin/gcc
  gcc -Wall -o 2.6.18-128.32 2.6.18-128.c
  2⤵
  PID:458
- /usr/bin/gcc
  gcc -Wall -m64 -o 2.6.18-128.64 2.6.18-128.c
  2⤵
  PID:459
- /usr/bin/gcc
  gcc -w -o 2.6.18-128.el5.and.2.6.9-89.EL.32 2.6.18-128.el5.and.2.6.9-89.EL.c
  2⤵
  PID:460
- /usr/bin/gcc
  gcc -w -m64 -o 2.6.18-128.el5.and.2.6.9-89.EL.64 2.6.18-128.el5.and.2.6.9-89.EL.c
  2⤵
  PID:461
- /usr/bin/gcc
  gcc -Wall -o 2.6.18-164-priv.32 2.6.18-164-priv.c
  2⤵
  PID:462
- /usr/bin/gcc
  gcc -Wall -m64 -o 2.6.18-164-priv.64 2.6.18-164-priv.c
  2⤵
  PID:463
- /usr/bin/gcc
  gcc -Wall -o 2.6.18-194.32 2.6.18-194.c
  2⤵
  PID:464
- /usr/bin/gcc
  gcc -Wall -m64 -o 2.6.18-194.64 2.6.18-194.c
  2⤵
  PID:465
- /usr/bin/gcc
  gcc -Wall -o 2.6.18-20.32 2.6.18-20.c
  2⤵
  PID:466
- /usr/bin/gcc
  gcc -Wall -m64 -o 2.6.18-20.64 2.6.18-20.c
  2⤵
  PID:467
- /usr/bin/gcc
  gcc -Wall -o 2.6.18-374.32 2.6.18-374.c
  2⤵
  PID:468
- /usr/bin/gcc
  gcc -Wall -m64 -o 2.6.18-374.64 2.6.18-374.c
  2⤵
  PID:469
- /usr/bin/gcc
  gcc -Wall -o 2.6.18-6.32 2.6.18-6.c
  2⤵
  PID:470
- /usr/bin/gcc
  gcc -Wall -m64 -o 2.6.18-6.64 2.6.18-6.c
  2⤵
  PID:471
- /usr/bin/gcc
  gcc -o 2.6.18-6.32 2.6.18-6.c
  2⤵
  PID:472
- /usr/bin/gcc
  gcc -Wall -m64 -o 2.6.18-6.64 2.6.18-6.c
  2⤵
  PID:473
- /usr/bin/gcc
  gcc -Wall -o 2.6.18.194-privete.32 2.6.18.194-privete.c
  2⤵
  PID:474
- /usr/bin/gcc
  gcc -Wall -m64 -o 2.6.18.194-privete.64 2.6.18.194-privete.c
  2⤵
  PID:475
- /usr/bin/gcc
  gcc -Wall -o 2.6.18.2.32 2.6.18.2.c
  2⤵
  PID:476
- /usr/bin/gcc
  gcc -Wall -m64 -o 2.6.18.2.64 2.6.18.2.c
  2⤵
  PID:477
- /usr/bin/gcc
  gcc -o 2.6.18.32 2.6.18.c
  2⤵
  PID:478
- /usr/bin/gcc
  gcc -Wall -m64 -o 2.6.18.64 2.6.18.c
  2⤵
  PID:479
- /usr/bin/gcc
  gcc -Wall -o 23.2.6.18-20.32 23.2.6.18-20.c
  2⤵
  PID:480
- /usr/bin/gcc
  gcc -Wall -m64 -o 23.2.6.18-20.64 23.2.6.18-20.c
  2⤵
  PID:481
- /usr/bin/gcc
  gcc -Wall -o 2530363.32 2530363.c
  2⤵
  PID:482
- /usr/bin/gcc
  gcc -Wall -m64 -o 2530363.64 2530363.c
  2⤵
  PID:483
- /usr/bin/gcc
  gcc -Wall -o 999.LTE.2.6.37-3.x.x.x86_64.semtex.32 999.LTE.2.6.37-3.x.x.x86_64.semtex.c
  2⤵
  PID:484
- /usr/bin/gcc
  gcc -Wall -m64 -o 999.LTE.2.6.37-3.x.x.x86_64.semtex.64 999.LTE.2.6.37-3.x.x.x86_64.semtex.c
  2⤵
  PID:485
- /usr/bin/gcc
  gcc -Wall -o LT.3.8.9.userns_root_sploit.32 LT.3.8.9.userns_root_sploit.c
  2⤵
  PID:486
- /usr/bin/gcc
  gcc -Wall -m64 -o LT.3.8.9.userns_root_sploit.64 LT.3.8.9.userns_root_sploit.c
  2⤵
  PID:487
- /usr/bin/gcc
  gcc -Wall -o abftw.32 abftw.c
  2⤵
  PID:488
- /usr/bin/gcc
  gcc -Wall -m64 -o abftw.64 abftw.c
  2⤵
  PID:489
- /usr/bin/gcc
  gcc -Wall -o sambal.32 sambal.c
  2⤵
  PID:490
- /usr/bin/gcc
  gcc -Wall -m64 -o sambal.64 sambal.c
  2⤵
  PID:491
- /bin/tar
  tar -zxvf CVE-2014-5119.tar.gz
  2⤵
  - Reads runtime system information
  PID:493
- /bin/ls
  ls -al
  2⤵
  - Reads runtime system information
  PID:496

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads