Analysis

  • max time kernel
    10s
  • max time network
    145s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20230831-en
  • resource tags
    arch:amd64, arch:i386, image:ubuntu1804-amd64-20230831-en, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    14/10/2023, 03:41

General

  • Target

    cevents.exe

  • Size

    8.1MB

  • MD5

    951c95b7aefb23b3970ed13aa8d1a301

  • SHA1

    75b9924955e775e53ebae22466fa0554be0488ea

  • SHA256

    3d4dd39b2e43fa5723c7f58622e0af5a4abac55d227e6c3063d58a73d46d2949

  • SHA512

    16583e7eafd1a4dc1b5a786972c7cdda86aeb959f96dc9c40f59e6c6e3d15f0d8596172daa0d0fb8b6922f2392d4d3d11e14005c32d74d98c096a4faaa73c342

  • SSDEEP

    98304:NhJgRMkSKX2N5yWurtjLt8GsdFcwLOj9IZGTj+yZ69dB/G9ePiB9X9:NcukSStjLt8Lv/qaO9ePiV

Score
7/10

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Checks CPU configuration 1 TTPs 1 IoCs

    Reads CPU information that can indicate whether the system is a virtual machine.

  • Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 5 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/cevents.exe
    /tmp/cevents.exe
    • Checks CPU configuration
    • Enumerates kernel/hardware configuration
    • Reads runtime system information
    PID:607
    • /bin/sh
      sh -c "mkdir -p /var/mcut/.data//acesso//tmp/"
      PID:608
      • /bin/mkdir
        mkdir -p /var/mcut/.data//acesso//tmp/
        • Reads runtime system information
        PID:609
  • /bin/sh
    sh -c "df -h"
    PID:612
    • /bin/df
      df -h
      • Reads runtime system information
      PID:613
  • /bin/sh
    sh -c "ls -lh /dev/disk/by-uuid/"
    PID:614
    • /bin/ls
      ls -lh /dev/disk/by-uuid/
      • Reads runtime system information
      PID:615

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /var/mcut/.data/.license/DINFO2-cevents.MCU.tmp.writing
    Filesize
    1KB
    MD5
    20341387a67d17d5f263afba9d1338af
    SHA1
    7f3fc058ae4f80dee7a7a02b83b642c34f8014f4
    SHA256
    b17a8d8b4232b5c9a18a16db09257975c08b64df824d914afdcfacad68ad15b2
    SHA512
    8b3166a471284aa974d0c7482b7aa106709ac04cff8bd245e32b8e58b73dcf2eefc4469c145db417f539994d50dbd52833a4e86806e3f465b9545177e48acbf6

  • /var/mcut/.data/.license/licinfo.MCU.tmp.writing
    Filesize
    79B
    MD5
    2c43b574ea04f9897d3cfb07b8feca49
    SHA1
    f997bff2946df0e6d4514ef3a09fafeadeae4cb6
    SHA256
    b49836795a26576e71e6fa1beb84fc7c8acdd9d9bbad574009f8d8c58e4dbfc5
    SHA512
    10f085f847382263daad6793a093fdd2d54bc2a0108a2916fc9b049e600cc57747b5f786e8533cdd1ad5d22028f26b5f53912b9c9a4121e69062060e17e68eed
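Added host-triage example for this report (not the sample's code and not a tria.ge artefact). It turns the report's file-system IoCs (the mkdir target from the process tree and the two dropped files under /var/mcut/.data/.license/ with their SHA-256 values) into a check an analyst can run on a suspect Ubuntu host, and it reproduces the read behind the "Checks CPU configuration" signature: parsing /proc/cpuinfo for the hypervisor flag and emulated CPU model names. Function names, the `root` parameter and the two cpuinfo samples are this example's own assumptions; the samples are constructed, not captured from the sandbox.

```python
"""Host-triage helpers for the cevents.exe report (added example, not the sample's code)."""
import hashlib
import os
import re

# Artefacts taken from the report.  The mkdir argument keeps the doubled
# slashes exactly as the sample issued it; that literal is itself a useful
# hunt string in shell history and auditd EXECVE records.
MKDIR_ARG = "/var/mcut/.data//acesso//tmp/"
IOC_FILES = {
    "/var/mcut/.data/.license/DINFO2-cevents.MCU.tmp.writing":
        "b17a8d8b4232b5c9a18a16db09257975c08b64df824d914afdcfacad68ad15b2",
    "/var/mcut/.data/.license/licinfo.MCU.tmp.writing":
        "b49836795a26576e71e6fa1beb84fc7c8acdd9d9bbad574009f8d8c58e4dbfc5",
}
DROPPER_SHA256 = "3d4dd39b2e43fa5723c7f58622e0af5a4abac55d227e6c3063d58a73d46d2949"


def normalize_ioc_path(path: str) -> str:
    """Collapse the doubled slashes so the path matches what the kernel actually created."""
    return os.path.normpath(path)


def sha256_file(path: str) -> str:
    """Stream a file through SHA-256 (dropped files here are tiny, but stay general)."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def triage_filesystem(root: str = "/") -> dict:
    """Report which IoC paths exist under `root` and whether dropped files match the report.

    `root` defaults to the live system; point it at a mounted image or scratch
    directory to check offline.  Returns {"present": [...], "hash_match": {path: bool}}.
    """
    present, matches = [], {}
    drop_dir = os.path.join(root, normalize_ioc_path(MKDIR_ARG).lstrip("/"))
    if os.path.isdir(drop_dir):
        present.append(drop_dir)
    for rel, expected in IOC_FILES.items():
        p = os.path.join(root, rel.lstrip("/"))
        if os.path.isfile(p):
            present.append(p)
            matches[p] = sha256_file(p) == expected
    return {"present": present, "hash_match": matches}


def hypervisor_hints(cpuinfo_text: str) -> list:
    """Return the clues in /proc/cpuinfo text that reveal a virtual machine.

    This is the kind of read the "Checks CPU configuration" signature flags: on
    x86 guests the CPUID hypervisor bit is exported as the `hypervisor` flag,
    and emulated CPUs carry a tell-tale model name.
    """
    hints = []
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "flags" and "hypervisor" in value.split():
            hints.append("flags:hypervisor")
        elif key == "model name" and re.search(r"QEMU|Virtual|KVM", value):
            hints.append("model name:" + value)
    return sorted(set(hints))


def read_live_cpuinfo() -> str:
    """Read the real /proc/cpuinfo; kept separate so the parser stays testable offline."""
    with open("/proc/cpuinfo") as fh:
        return fh.read()


# Constructed samples (not captured from the sandbox): one guest, one bare-metal host.
SAMPLE_GUEST_CPUINFO = """\
processor\t: 0
model name\t: QEMU Virtual CPU version 2.5+
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep hypervisor lahf_lm
"""
SAMPLE_BAREMETAL_CPUINFO = """\
processor\t: 0
model name\t: Intel(R) Core(TM) i7-8650U CPU @ 1.90GHz
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep lahf_lm
"""

if __name__ == "__main__":
    print("guest hints:", hypervisor_hints(SAMPLE_GUEST_CPUINFO))
    print("bare-metal hints:", hypervisor_hints(SAMPLE_BAREMETAL_CPUINFO))
    print("this host:", hypervisor_hints(read_live_cpuinfo()))
    print("filesystem:", triage_filesystem())
```

A hash mismatch on a present file is still a finding: the dropped names end in `.tmp.writing`, so their content may differ from run to run even when the sample is the same, which is why the path check and the hash check are reported separately.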