0426965c1d3414d3f98e2a7b939b9173f620416929a902ec6b1aa4933b5b5d1d

Analysis

max time kernel
155s
max time network
159s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20231215-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20231215-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
19-12-2023 22:55

Target

3508a417d997601577256717987e5056
Size

136KB
MD5

3508a417d997601577256717987e5056
SHA1

d5474fdc5cac03efbe00213c2e54939517199bea
SHA256

0426965c1d3414d3f98e2a7b939b9173f620416929a902ec6b1aa4933b5b5d1d
SHA512

0b82ca8ec972e9a358ef19c17fa682cb419a999568a6f0cdd13fe1d84f943ed8040f23ae9167027c4e0ef087c15a181e169c0e220181848e1f740a87e04b6243
SSDEEP

3072:09wxeRttr9s6JJPj/lHhuv5UgMBphatPF7Qv8xCoMTeSiOUUuNeZT3uuYLC:uRdHh05ophatPFucC9TBiOUUuNeZT3uU

Score

9^/10

discovery

Contacts a large (23688) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Changes its process name 1 IoCs

description	pid	Process
Changes the process name, possibly in an attempt to hide itself	1604	3508a417d997601577256717987e5056

/tmp/3508a417d997601577256717987e5056
/tmp/3508a417d997601577256717987e5056
1⤵
- Changes its process name
PID:1604

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact