Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

1

e603944ace...bf2f05

ubuntu-18.04-amd64

9

e603944ace...bf2f05

debian-9-armhf

9

e603944ace...bf2f05

debian-9-mips

9

e603944ace...bf2f05

debian-9-mipsel

9

Analysis

  • max time kernel
    0s
  • max time network
    126s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20221111-en
  • resource tags

    arch:armhfimage:debian9-armhf-20221111-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    05/02/2023, 07:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e603944aceb5c0885a8627de12f36b159bbf2f05

  • Size

    3KB

  • MD5

    d0d36f169f1458806053aae482af5010

  • SHA1

    e603944aceb5c0885a8627de12f36b159bbf2f05

  • SHA256

    10c3b6b03a9bf105d264a8e7f30dcab0a6c59a414529b0af0a6bd9f1d2984459

  • SHA512

    982abe39731d8cc852c25650740ff73975c10d19027eccf610401260e2f508334f1de656f8dd332fa698dccc9f7d3bda610c8b9e84d276036a6e9408d826229a

Score
9/10

Malware Config

Signatures

  • Writes file to system bin folder 1 TTPs 1 IoCs
  • Reads CPU attributes 1 TTPs 2 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 8 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/e603944aceb5c0885a8627de12f36b159bbf2f05
    /tmp/e603944aceb5c0885a8627de12f36b159bbf2f05
    1⤵
    • Writes file to tmp directory
    PID:363
    • /bin/chmod
      chmod +x /tmp//encrypt
      2⤵
        PID:378
      • /usr/bin/find
        find /usr/lib/vmware -type f -name index.html
        2⤵
        • Reads runtime system information
        PID:383
      • /bin/mv
        mv /etc/motd /etc/motd1
        2⤵
        • Reads runtime system information
        PID:384
      • /bin/cp
        cp /tmp//motd /etc/motd
        2⤵
          PID:385
        • /bin/find
          /bin/find / -name "*.log" -exec /bin/rm -rf "{}" ";"
          2⤵
            PID:386
          • /bin/rm
            /bin/rm -f /store/packages/vmtools.py
            2⤵
              PID:396
            • /bin/touch
              /bin/touch -r /etc/vmware/rhttpproxy/config.xml /etc/vmware/rhttpproxy/endpoints.conf
              2⤵
                PID:397
              • /bin/touch
                /bin/touch -r /etc/vmware/rhttpproxy/config.xml /bin/hostd-probe.sh
                2⤵
                  PID:398
                • /bin/touch
                  /bin/touch -r /etc/vmware/rhttpproxy/config.xml /etc/rc.local.d/local.sh
                  2⤵
                    PID:399
                  • /bin/rm
                    /bin/rm -f /tmp/encrypt /tmp/nohup.out /tmp/index.html /tmp/motd /tmp/public.pem /tmp/archieve.zip
                    2⤵
                    • Writes file to tmp directory
                    PID:400
                  • /bin/sh
                    /bin/sh /bin/auto-backup.sh
                    2⤵
                    • Writes file to system bin folder
                    PID:401
                  • /bin/rm
                    /bin/rm -- /tmp/e603944aceb5c0885a8627de12f36b159bbf2f05
                    2⤵
                    • Writes file to tmp directory
                    PID:402
                  • /etc/init.d/SSH
                    /etc/init.d/SSH start
                    2⤵
                      PID:403
                  • /bin/grep
                    grep "Config File"
                    1⤵
                      PID:368
                    • /usr/bin/awk
                      awk "{print \$3}"
                      1⤵
                        PID:370
                      • /bin/ps
                        ps
                        1⤵
                        • Reads CPU attributes
                        • Reads runtime system information
                        PID:375
                      • /bin/grep
                        grep vmx
                        1⤵
                          PID:376
                        • /usr/bin/awk
                          awk "{print \$2}"
                          1⤵
                            PID:377
                          • /bin/grep
                            grep /vmfs/volumes/
                            1⤵
                              PID:381
                            • /usr/bin/awk
                              awk "-F " "{print \$2}"
                              1⤵
                                PID:382
                              • /bin/grep
                                /bin/grep encrypt
                                1⤵
                                  PID:389
                                • /bin/ps
                                  /bin/ps
                                  1⤵
                                  • Reads CPU attributes
                                  • Reads runtime system information
                                  PID:388
                                • /bin/grep
                                  /bin/grep -v grep
                                  1⤵
                                    PID:390
                                  • /bin/wc
                                    /bin/wc -l
                                    1⤵
                                      PID:391
                                    • /bin/vmware
                                      /bin/vmware -l
                                      1⤵
                                        PID:393
                                      • /bin/grep
                                        /bin/grep " 7."
                                        1⤵
                                          PID:394
                                        • /bin/wc
                                          /bin/wc -l
                                          1⤵
                                            PID:395

                                          Network

                                          MITRE ATT&CK Enterprise v6

                                          Replay Monitor

                                          Loading Replay Monitor...

                                          Downloads