Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
135s -
max time network
137s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20230621-en -
resource tags
arch:amd64arch:i386image:ubuntu1804-amd64-20230621-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system -
submitted
04/07/2023, 17:13
Behavioral task
behavioral1
Sample
x86-20230704-1712.elf
Resource
ubuntu1804-amd64-20230621-en
ubuntu-18.04-amd64
3 signatures
150 seconds
General
-
Target
x86-20230704-1712.elf
-
Size
40KB
-
MD5
e45295c8a17f5ad4fede43df1f7ecd1d
-
SHA1
edd4f5b4d4639e02590aa44e33bae0a459b7e24c
-
SHA256
8a7bb78648dd52e21303d7032780e2c09ea9bc5e36232f8c78034a83a2db76ac
-
SHA512
4be5789421c64642ad577cb021bb2642b3752ebec4b508b8186ca001012bec1696c04a7e80dac0dfded8584b4d9689c7c99c2bd42684ca562d509ed1b440071f
-
SSDEEP
768:xMlB2zs8ssGfrRI6aQ2nEenz3q8uDOycM3U95VlVs:YYzs8ssGfrRI6aVnEeDWOrMErVla
Score
7/10
Malware Config
Signatures
-
Changes its process name 1 IoCs
description ioc pid Process Changes the process name, possibly in an attempt to hide itself a 634 x86-20230704-1712.elf -
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
description ioc File opened for reading /proc/34/cmdline File opened for reading /proc/82/cmdline File opened for reading /proc/175/cmdline File opened for reading /proc/203/cmdline File opened for reading /proc/262/cmdline File opened for reading /proc/604/cmdline File opened for reading /proc/19/cmdline File opened for reading /proc/80/cmdline File opened for reading /proc/113/cmdline File opened for reading /proc/177/cmdline File opened for reading /proc/178/cmdline File opened for reading /proc/631/cmdline File opened for reading /proc/18/cmdline File opened for reading /proc/26/cmdline File opened for reading /proc/83/cmdline File opened for reading /proc/116/cmdline File opened for reading /proc/312/cmdline File opened for reading /proc/173/cmdline File opened for reading /proc/174/cmdline File opened for reading /proc/204/cmdline File opened for reading /proc/630/cmdline File opened for reading /proc/637/cmdline File opened for reading /proc/13/cmdline File opened for reading /proc/24/cmdline File opened for reading /proc/78/cmdline File opened for reading /proc/170/cmdline File opened for reading /proc/171/cmdline File opened for reading /proc/89/cmdline File opened for reading /proc/253/cmdline File opened for reading /proc/394/cmdline File opened for reading /proc/5/cmdline File opened for reading /proc/8/cmdline File opened for reading /proc/20/cmdline File opened for reading /proc/25/cmdline File opened for reading /proc/30/cmdline File opened for reading /proc/165/cmdline File opened for reading /proc/469/cmdline File opened for reading /proc/471/cmdline File opened for reading /proc/9/cmdline File opened for reading /proc/16/cmdline File opened for reading /proc/28/cmdline File opened for reading /proc/81/cmdline File opened for reading /proc/98/cmdline File opened for reading /proc/479/cmdline File opened for reading /proc/623/cmdline File opened for reading /proc/15/cmdline File opened for reading /proc/22/cmdline File opened for reading /proc/29/cmdline File opened for reading /proc/32/cmdline File opened for reading /proc/169/cmdline File opened for reading /proc/410/cmdline File opened for reading /proc/634/cmdline File opened for reading /proc/3/cmdline File opened for reading /proc/10/cmdline File opened for reading /proc/14/cmdline File opened for reading /proc/84/cmdline File opened for reading /proc/166/cmdline File opened for reading /proc/27/cmdline File opened for reading /proc/311/cmdline File opened for reading /proc/172/cmdline File opened for reading /proc/7/cmdline File opened for reading /proc/21/cmdline File opened for reading /proc/23/cmdline File opened for reading /proc/79/cmdline