Analysis
max time kernel: 10s
max time network: 145s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20230831-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20230831-en, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 14/10/2023, 03:41
Static task: static1
Behavioral task: behavioral1
Sample: cevents.exe
Resource: ubuntu1804-amd64-20230831-en
General
Target: cevents.exe
Size: 8.1MB
MD5: 951c95b7aefb23b3970ed13aa8d1a301
SHA1: 75b9924955e775e53ebae22466fa0554be0488ea
SHA256: 3d4dd39b2e43fa5723c7f58622e0af5a4abac55d227e6c3063d58a73d46d2949
SHA512: 16583e7eafd1a4dc1b5a786972c7cdda86aeb959f96dc9c40f59e6c6e3d15f0d8596172daa0d0fb8b6922f2392d4d3d11e14005c32d74d98c096a4faaa73c342
SSDEEP: 98304:NhJgRMkSKX2N5yWurtjLt8GsdFcwLOj9IZGTj+yZ69dB/G9ePiB9X9:NcukSStjLt8Lv/qaO9ePiV
Malware Config
Signatures
Changes its process name (1 IoC)
  description: Changes the process name, possibly in an attempt to hide itself
  ioc: tkLicOnline
  pid: 611
Checks CPU configuration (1 TTP, 1 IoC)
Checks CPU information which indicates whether the system is a virtual machine.
  description: File opened for reading
  ioc: /proc/cpuinfo
  process: cevents.exe
Enumerates kernel/hardware configuration (1 TTP, 1 IoC)
Reads contents of the /sys virtual filesystem to enumerate system information.
  description: File opened for reading
  ioc: /sys/class/sunxi_info/sys_info
  process: cevents.exe
Reads runtime system information (5 IoCs)
Reads data from the /proc virtual filesystem.
  File opened for reading: /proc/filesystems (process: mkdir)
  File opened for reading: /proc/self/mountinfo (process: df)
  File opened for reading: /proc/filesystems (process: ls)
  File opened for reading: /proc/version (process: cevents.exe)
  File opened for reading: /proc/cmdline (process: cevents.exe)
Processes
/tmp/cevents.exe (PID 607)
  command line: /tmp/cevents.exe
  - Checks CPU configuration
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  /bin/sh (PID 608)
    command line: sh -c "mkdir -p /var/mcut/.data//acesso//tmp/"
    /bin/mkdir (PID 609)
      command line: mkdir -p /var/mcut/.data//acesso//tmp/
      - Reads runtime system information
/bin/sh (PID 612)
  command line: sh -c "df -h"
  /bin/df (PID 613)
    command line: df -h
    - Reads runtime system information
/bin/sh (PID 614)
  command line: sh -c "ls -lh /dev/disk/by-uuid/"
  /bin/ls (PID 615)
    command line: ls -lh /dev/disk/by-uuid/
    - Reads runtime system information
Network
MITRE ATT&CK Enterprise v15
Downloads
File 1
  Filesize: 1KB
  MD5: 20341387a67d17d5f263afba9d1338af
  SHA1: 7f3fc058ae4f80dee7a7a02b83b642c34f8014f4
  SHA256: b17a8d8b4232b5c9a18a16db09257975c08b64df824d914afdcfacad68ad15b2
  SHA512: 8b3166a471284aa974d0c7482b7aa106709ac04cff8bd245e32b8e58b73dcf2eefc4469c145db417f539994d50dbd52833a4e86806e3f465b9545177e48acbf6
File 2
  Filesize: 79B
  MD5: 2c43b574ea04f9897d3cfb07b8feca49
  SHA1: f997bff2946df0e6d4514ef3a09fafeadeae4cb6
  SHA256: b49836795a26576e71e6fa1beb84fc7c8acdd9d9bbad574009f8d8c58e4dbfc5
  SHA512: 10f085f847382263daad6793a093fdd2d54bc2a0108a2916fc9b049e600cc57747b5f786e8533cdd1ad5d22028f26b5f53912b9c9a4121e69062060e17e68eed