Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

ChrisTitus...rch.sh

ubuntu-18.04-amd64

8

ChrisTitus...rch.sh

debian-9-armhf

8

ChrisTitus...rch.sh

debian-9-mips

8

ChrisTitus...rch.sh

debian-9-mipsel

8

ChrisTitus...deb.sh

ubuntu-18.04-amd64

7

ChrisTitus...deb.sh

debian-9-armhf

5

ChrisTitus...deb.sh

debian-9-mips

5

ChrisTitus...deb.sh

debian-9-mipsel

5

ChrisTitus...it.ps1

windows7-x64

1

ChrisTitus...it.ps1

windows10-2004-x64

1

ChrisTitus...on.ps1

windows7-x64

1

ChrisTitus...on.ps1

windows10-2004-x64

1

ChrisTitus...ds.ps1

windows7-x64

8

ChrisTitus...ds.ps1

windows10-2004-x64

8

ChrisTitus...os.ps1

windows7-x64

8

ChrisTitus...os.ps1

windows10-2004-x64

8

ChrisTitus...py.ps1

windows7-x64

1

ChrisTitus...py.ps1

windows10-2004-x64

1

ChrisTitus...or.cmd

windows7-x64

1

ChrisTitus...or.cmd

windows10-2004-x64

1

ChrisTitus...at.ps1

windows7-x64

10

ChrisTitus...at.ps1

windows10-2004-x64

1

Analysis

  • max time kernel
    0s
  • max time network
    103s
  • platform
    linux_amd64
  • resource
    ubuntu1804-amd64-en-20211208
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    28/12/2022, 14:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/deb.sh

  • Size

    35KB

  • MD5

    5e42a9d6ef515bc7d42c3875613c3a5a

  • SHA1

    e9a97f3130a136626731bcce2854a284911b1542

  • SHA256

    fa3522c916ac271a9eec4db52528c5fdbf10e32d635160fe61b8cbdc880bc695

  • SHA512

    cbe882034a122c7cf7a6f962b9cbf963cb915613624dbf71128ac87fcb63986f110f5a2545e32331bcab8b2049015b9f69534d4c14bab9eb92e714edda2c5872

  • SSDEEP

    192:RtVC966RFNxExiROI57EGe3imWH5zI2noiB3BsJYT5YafAFlm6ubYxh+Z724zRUs:s66XbrnWe6ubYrTw8Wjao+vrjAx

Score
7/10

Malware Config

Signatures

  • Write file to user bin folder 1 TTPs 7 IoCs
  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/deb.sh
    "/tmp/ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/deb.sh"
    1⤵
    • Writes file to tmp directory
    PID:577
    • /usr/bin/lsb_release
      lsb_release -sd
      2⤵
      • Write file to user bin folder
      PID:578
    • /usr/bin/lsb_release
      lsb_release -sc
      2⤵
      • Write file to user bin folder
      PID:579
    • /usr/bin/lsb_release
      lsb_release -sr
      2⤵
      • Write file to user bin folder
      PID:580
    • /usr/bin/xdg-user-dir
      xdg-user-dir DOWNLOAD
      2⤵
      • Write file to user bin folder
      PID:581
    • /bin/echo
      /bin/echo -e "\\e[1;36m !-----------------------------------------------------------------!\\e[0m"
      2⤵
        PID:582
      • /bin/echo
        /bin/echo -e "\\e[1;36m ! xrdp-installer-1.3 Script !\\e[0m"
        2⤵
          PID:583
        • /bin/echo
          /bin/echo -e "\\e[1;36m ! Support Ubuntu and Debian Distribution !\\e[0m"
          2⤵
            PID:584
          • /bin/echo
            /bin/echo -e "\\e[1;36m ! Written by Griffon - October 2021 - www.c-nergy.be !\\e[0m"
            2⤵
              PID:585
            • /bin/echo
              /bin/echo -e "\\e[1;36m ! !\\e[0m"
              2⤵
                PID:586
              • /bin/echo
                /bin/echo -e "\\e[1;36m ! For Help and Syntax, type ./xrdp-installer-1.3.sh -h !\\e[0m"
                2⤵
                  PID:591
                • /bin/echo
                  /bin/echo -e "\\e[1;36m ! !\\e[0m"
                  2⤵
                    PID:592
                  • /bin/echo
                    /bin/echo -e "\\e[1;36m !-----------------------------------------------------------------!\\e[0m"
                    2⤵
                      PID:593
                    • /bin/echo
                      /bin/echo -e "\\e[1;31m !-------------------------------------------------------------!\\e[0m"
                      2⤵
                        PID:594
                      • /bin/echo
                        /bin/echo -e "\\e[1;31m ! Script launched with sudo command. Script will not run... !\\e[0m"
                        2⤵
                          PID:595
                        • /bin/echo
                          /bin/echo -e "\\e[1;31m ! Run script a standard user account (no sudo). When needed !\\e[0m"
                          2⤵
                            PID:596
                          • /bin/echo
                            /bin/echo -e "\\e[1;31m ! script will be prompted for password during execution !\\e[0m"
                            2⤵
                              PID:597
                            • /bin/echo
                              /bin/echo -e "\\e[1;31m ! !\\e[0m"
                              2⤵
                                PID:598
                              • /bin/echo
                                /bin/echo -e "\\e[1;31m ! Exiting Script - No Install Performed !!! !\\e[0m"
                                2⤵
                                  PID:599
                                • /bin/echo
                                  /bin/echo -e "\\e[1;31m !-------------------------------------------------------------!\\e[0m"
                                  2⤵
                                    PID:600

                                Network

                                MITRE ATT&CK Enterprise v6

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads