10ChrisTitus...rch.sh
ubuntu-18.04-amd64
8ChrisTitus...rch.sh
debian-9-armhf
8ChrisTitus...rch.sh
debian-9-mips
8ChrisTitus...rch.sh
debian-9-mipsel
8ChrisTitus...deb.sh
ubuntu-18.04-amd64
7ChrisTitus...deb.sh
debian-9-armhf
5ChrisTitus...deb.sh
debian-9-mips
5ChrisTitus...deb.sh
debian-9-mipsel
5ChrisTitus...it.ps1
windows7-x64
1ChrisTitus...it.ps1
windows10-2004-x64
1ChrisTitus...on.ps1
windows7-x64
1ChrisTitus...on.ps1
windows10-2004-x64
1ChrisTitus...ds.ps1
windows7-x64
8ChrisTitus...ds.ps1
windows10-2004-x64
8ChrisTitus...os.ps1
windows7-x64
8ChrisTitus...os.ps1
windows10-2004-x64
8ChrisTitus...py.ps1
windows7-x64
1ChrisTitus...py.ps1
windows10-2004-x64
1ChrisTitus...or.cmd
windows7-x64
1ChrisTitus...or.cmd
windows10-2004-x64
1ChrisTitus...at.ps1
windows7-x64
10ChrisTitus...at.ps1
windows10-2004-x64
1Analysis
-
max time kernel
0s -
max time network
103s -
platform
linux_amd64 -
resource
ubuntu1804-amd64-en-20211208 -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-en-20211208 kernel:4.15.0-161-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
28/12/2022, 14:33
Static task
static1
Behavioral task
behavioral1
Sample
ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/arch.sh
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral2
Sample
ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/arch.sh
Resource
debian9-armhf-20221111-en
Behavioral task
behavioral3
Sample
ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/arch.sh
Resource
debian9-mipsbe-en-20211208
Behavioral task
behavioral4
Sample
ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/arch.sh
Resource
debian9-mipsel-20221111-en
Behavioral task
behavioral5
Sample
ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/deb.sh
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral6
Sample
ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/deb.sh
Resource
debian9-armhf-20221111-en
Behavioral task
behavioral7
Sample
ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/deb.sh
Resource
debian9-mipsbe-en-20211208
Behavioral task
behavioral8
Sample
ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/deb.sh
Resource
debian9-mipsel-20221111-en
Behavioral task
behavioral9
Sample
ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/vm-gpusplit.ps1
Resource
win7-20220812-en
Behavioral task
behavioral10
Sample
ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/vm-gpusplit.ps1
Resource
win10v2004-20221111-en
Behavioral task
behavioral11
Sample
ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/vm-setresolution.ps1
Resource
win7-20220812-en
Behavioral task
behavioral12
Sample
ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/vm-setresolution.ps1
Resource
win10v2004-20220812-en
Behavioral task
behavioral13
Sample
ChrisTitusTech_debloatWin10_elQueAnda/cttscript/Individual Scripts/block-ads.ps1
Resource
win7-20220812-en
Behavioral task
behavioral14
Sample
ChrisTitusTech_debloatWin10_elQueAnda/cttscript/Individual Scripts/block-ads.ps1
Resource
win10v2004-20221111-en
Behavioral task
behavioral15
Sample
ChrisTitusTech_debloatWin10_elQueAnda/cttscript/Individual Scripts/block-eos.ps1
Resource
win7-20221111-en
Behavioral task
behavioral16
Sample
ChrisTitusTech_debloatWin10_elQueAnda/cttscript/Individual Scripts/block-eos.ps1
Resource
win10v2004-20220812-en
Behavioral task
behavioral17
Sample
ChrisTitusTech_debloatWin10_elQueAnda/cttscript/Individual Scripts/robocopy.ps1
Resource
win7-20220812-en
Behavioral task
behavioral18
Sample
ChrisTitusTech_debloatWin10_elQueAnda/cttscript/Individual Scripts/robocopy.ps1
Resource
win10v2004-20220812-en
Behavioral task
behavioral19
Sample
ChrisTitusTech_debloatWin10_elQueAnda/cttscript/Individual Scripts/spotlightimageextractor.cmd
Resource
win7-20221111-en
Behavioral task
behavioral20
Sample
ChrisTitusTech_debloatWin10_elQueAnda/cttscript/Individual Scripts/spotlightimageextractor.cmd
Resource
win10v2004-20221111-en
Behavioral task
behavioral21
Sample
ChrisTitusTech_debloatWin10_elQueAnda/cttscript/old-win10debloat.ps1
Resource
win7-20220812-en
Behavioral task
behavioral22
Sample
ChrisTitusTech_debloatWin10_elQueAnda/cttscript/old-win10debloat.ps1
Resource
win10v2004-20220812-en
General
-
Target
ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/deb.sh
-
Size
35KB
-
MD5
5e42a9d6ef515bc7d42c3875613c3a5a
-
SHA1
e9a97f3130a136626731bcce2854a284911b1542
-
SHA256
fa3522c916ac271a9eec4db52528c5fdbf10e32d635160fe61b8cbdc880bc695
-
SHA512
cbe882034a122c7cf7a6f962b9cbf963cb915613624dbf71128ac87fcb63986f110f5a2545e32331bcab8b2049015b9f69534d4c14bab9eb92e714edda2c5872
-
SSDEEP
192:RtVC966RFNxExiROI57EGe3imWH5zI2noiB3BsJYT5YafAFlm6ubYxh+Z724zRUs:s66XbrnWe6ubYrTw8Wjao+vrjAx
Malware Config
Signatures
-
Write file to user bin folder 1 TTPs 7 IoCs
description ioc Process
/usr/bin/pyvenv.cfg /usr/bin/pyvenv.cfg lsb_release
/usr/bin/lsb_release /usr/bin/lsb_release lsb_release
/usr/bin/pyvenv.cfg /usr/bin/pyvenv.cfg lsb_release
/usr/bin/lsb_release /usr/bin/lsb_release lsb_release
/usr/bin/pyvenv.cfg /usr/bin/pyvenv.cfg lsb_release
/usr/bin/lsb_release /usr/bin/lsb_release lsb_release
/usr/bin/xdg-user-dir /usr/bin/xdg-user-dir xdg-user-dir
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process
/tmp/ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/deb.sh /tmp/ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/deb.sh deb.sh
Processes
-
/tmp/ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/deb.sh "/tmp/ChrisTitusTech_debloatWin10_elQueAnda/cttscript/HyperV Tools/deb.sh" 1⤵
- Writes file to tmp directory
PID:577 -
/usr/bin/lsb_release lsb_release -sd 2⤵
- Write file to user bin folder
PID:578
-
-
/usr/bin/lsb_release lsb_release -sc 2⤵
- Write file to user bin folder
PID:579
-
-
/usr/bin/lsb_release lsb_release -sr 2⤵
- Write file to user bin folder
PID:580
-
-
/usr/bin/xdg-user-dir xdg-user-dir DOWNLOAD 2⤵
- Write file to user bin folder
PID:581
-
-
/bin/echo /bin/echo -e "\\e[1;36m !-----------------------------------------------------------------!\\e[0m" 2⤵ PID:582
-
-
/bin/echo /bin/echo -e "\\e[1;36m ! xrdp-installer-1.3 Script !\\e[0m" 2⤵ PID:583
-
-
/bin/echo /bin/echo -e "\\e[1;36m ! Support Ubuntu and Debian Distribution !\\e[0m" 2⤵ PID:584
-
-
/bin/echo /bin/echo -e "\\e[1;36m ! Written by Griffon - October 2021 - www.c-nergy.be !\\e[0m" 2⤵ PID:585
-
-
/bin/echo /bin/echo -e "\\e[1;36m ! !\\e[0m" 2⤵ PID:586
-
-
/bin/echo /bin/echo -e "\\e[1;36m ! For Help and Syntax, type ./xrdp-installer-1.3.sh -h !\\e[0m" 2⤵ PID:591
-
-
/bin/echo /bin/echo -e "\\e[1;36m ! !\\e[0m" 2⤵ PID:592
-
-
/bin/echo /bin/echo -e "\\e[1;36m !-----------------------------------------------------------------!\\e[0m" 2⤵ PID:593
-
-
/bin/echo /bin/echo -e "\\e[1;31m !-------------------------------------------------------------!\\e[0m" 2⤵ PID:594
-
-
/bin/echo /bin/echo -e "\\e[1;31m ! Script launched with sudo command. Script will not run... !\\e[0m" 2⤵ PID:595
-
-
/bin/echo /bin/echo -e "\\e[1;31m ! Run script a standard user account (no sudo). When needed !\\e[0m" 2⤵ PID:596
-
-
/bin/echo /bin/echo -e "\\e[1;31m ! script will be prompted for password during execution !\\e[0m" 2⤵ PID:597
-
-
/bin/echo /bin/echo -e "\\e[1;31m ! !\\e[0m" 2⤵ PID:598
-
-
/bin/echo /bin/echo -e "\\e[1;31m ! Exiting Script - No Install Performed !!! !\\e[0m" 2⤵ PID:599
-
-
/bin/echo /bin/echo -e "\\e[1;31m !-------------------------------------------------------------!\\e[0m" 2⤵ PID:600
-