124d2f5633e8c2917ce7fe7105ccb39ac6710287058d606603bdeb09e31c35ab

Analysis

max time kernel
152s
max time network
155s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20231215-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20231215-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
20-12-2023 04:00

Target

824e4ced3192988fd94193ad19d23ad0
Size

158KB
MD5

824e4ced3192988fd94193ad19d23ad0
SHA1

1bb5034396c1db38c8d4e2b630383f8090932495
SHA256

124d2f5633e8c2917ce7fe7105ccb39ac6710287058d606603bdeb09e31c35ab
SHA512

efc16c4a2736c53684465d0a836ec4b00530912ba4a160bd9c3a24bd2cfe646cc9531cd95e05eabe17577e1a96a503c2c1852914c4b1449372263be1221226d6
SSDEEP

3072:oEn8VCjypfwF0pdv5wxHFtXzllWSSphattwy8QXwdzIMiBglUuNeWT3uuYLC:TsdYHFpzSphattwy8Q4OBCUuNeWT3uu1

Score

9^/10

discovery

Contacts a large (25131) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Changes its process name 1 IoCs

description	pid	Process
Changes the process name, possibly in an attempt to hide itself	1531	824e4ced3192988fd94193ad19d23ad0

/tmp/824e4ced3192988fd94193ad19d23ad0
/tmp/824e4ced3192988fd94193ad19d23ad0
1⤵
- Changes its process name
PID:1531

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact