Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

64206f3f7d...748a7e

ubuntu-18.04-amd64

5

64206f3f7d...748a7e

debian-9-armhf

5

64206f3f7d...748a7e

debian-9-mips

5

64206f3f7d...748a7e

debian-9-mipsel

5

Analysis

  • max time kernel
    0s
  • max time network
    125s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20221111-en
  • resource tags

    arch:mipselimage:debian9-mipsel-20221111-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
  • submitted
    27/11/2022, 18:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    64206f3f7d6c962fb9bf49b161e636d8be4bedde1a11d2a0164006aa25748a7e

  • Size

    1KB

  • MD5

    a4bd78f8b9f69b508daca4268dcc66ce

  • SHA1

    02d29ddb69616a0d3d4cf4348f51d3f81f147e67

  • SHA256

    64206f3f7d6c962fb9bf49b161e636d8be4bedde1a11d2a0164006aa25748a7e

  • SHA512

    60ba980e3cd14c0dc71f0b34b8f79cca1d2349569832a526d5b052a78baa3ceec36e6b312876251b019b3371e898d175ba0b8c7e32f8ae9a140fdb9bffa6e3c6

Score
5/10

Malware Config

Signatures

  • Reads runtime system information 6 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 12 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/64206f3f7d6c962fb9bf49b161e636d8be4bedde1a11d2a0164006aa25748a7e
    /tmp/64206f3f7d6c962fb9bf49b161e636d8be4bedde1a11d2a0164006aa25748a7e
    1⤵
    • Writes file to tmp directory
    PID:338
    • /bin/sed
      sed "s/\\/home\\/spender/\\/tmp/g" pwnkernel.c
      2⤵
      • Reads runtime system information
      PID:347
    • /bin/mv
      mv pwnkernel.c pwnkernel2.c
      2⤵
      • Reads runtime system information
      PID:348
    • /bin/mv
      mv pwnkernel1.c pwnkernel.c
      2⤵
      • Reads runtime system information
      PID:349
    • /bin/uname
      uname -p
      2⤵
        PID:350
      • /bin/cat
        cat /proc/sys/vm/mmap_min_addr
        2⤵
        • Reads runtime system information
        PID:351
      • /usr/bin/cc
        cc -fno-stack-protector -fPIC -shared -o exploit.so exploit.c
        2⤵
          PID:352
        • /usr/bin/cc
          cc -o pwnkernel pwnkernel.c
          2⤵
          • Writes file to tmp directory
          PID:353
          • /usr/lib/gcc/mipsel-linux-gnu/6/cc1
            /usr/lib/gcc/mipsel-linux-gnu/6/cc1 -quiet -imultiarch mipsel-linux-gnu pwnkernel.c -mel -quiet -dumpbase pwnkernel.c "-march=mips32r2" -mfpxx -mllsc -mno-lxc1-sxc1 -mno-madd4 -mips32r2 "-mabi=32" -auxbase pwnkernel -o /tmp/ccyfGEGU.s
            3⤵
            • Writes file to tmp directory
            PID:354
          • /usr/bin/as
            as -EL -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccL7s5ZX.o /tmp/ccyfGEGU.s
            3⤵
            • Writes file to tmp directory
            PID:355
          • /usr/lib/gcc/mipsel-linux-gnu/6/collect2
            /usr/lib/gcc/mipsel-linux-gnu/6/collect2 -plugin /usr/lib/gcc/mipsel-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mipsel-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/ccMFgY3y.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EL -mips32r2 -dynamic-linker /lib/ld.so.1 -melf32ltsmip -pie -o pwnkernel /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/Scrt1.o /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/crti.o /usr/lib/gcc/mipsel-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mipsel-linux-gnu/6 -L/usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu -L/usr/lib/gcc/mipsel-linux-gnu/6/../../../../lib -L/lib/mipsel-linux-gnu -L/lib/../lib -L/usr/lib/mipsel-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mipsel-linux-gnu/6/../../.. /tmp/ccL7s5ZX.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mipsel-linux-gnu/6/crtendS.o /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/crtn.o
            3⤵
            • Writes file to tmp directory
            PID:356
            • /usr/bin/ld
              /usr/bin/ld -plugin /usr/lib/gcc/mipsel-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mipsel-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/ccMFgY3y.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EL -mips32r2 -dynamic-linker /lib/ld.so.1 -melf32ltsmip -pie -o pwnkernel /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/Scrt1.o /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/crti.o /usr/lib/gcc/mipsel-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mipsel-linux-gnu/6 -L/usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu -L/usr/lib/gcc/mipsel-linux-gnu/6/../../../../lib -L/lib/mipsel-linux-gnu -L/lib/../lib -L/usr/lib/mipsel-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mipsel-linux-gnu/6/../../.. /tmp/ccL7s5ZX.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mipsel-linux-gnu/6/crtendS.o /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/crtn.o
              4⤵
              • Writes file to tmp directory
              PID:357
        • ./pwnkernel
          ./pwnkernel
          2⤵
            PID:358
          • /bin/mv
            mv -f pwnkernel2.c pwnkernel.c
            2⤵
            • Reads runtime system information
            PID:359
        • /bin/sed
          sed "s/\\//\\\\\\//g"
          1⤵
          • Reads runtime system information
          PID:342
        • /usr/local/sbin/as
          as -EL -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccL7s5ZX.o /tmp/ccyfGEGU.s
          1⤵
            PID:355
          • /usr/local/bin/as
            as -EL -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccL7s5ZX.o /tmp/ccyfGEGU.s
            1⤵
              PID:355
            • /usr/sbin/as
              as -EL -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccL7s5ZX.o /tmp/ccyfGEGU.s
              1⤵
                PID:355

              Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads