Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
142s -
max time network
153s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20231215-en -
resource tags
-
submitted
22/12/2023, 14:04
General
-
Target
b5badeb16414cba66999742601c092b8
-
Size
141KB
-
MD5
b5badeb16414cba66999742601c092b8
-
SHA1
cc946b2c2e5cb0b28873c9f7ff4d17ee593fc3c2
-
SHA256
693835ecf1e4cb184b4dc9ce9145bb5ed1ec1840d83df8dc500d3c8d233b46fd
-
SHA512
df35a692d568e579c8affea2b5ce183f323b7bfdacdbb258f7983362684dcf3dd7b8bf70ab641915d9ff45a1f7bef66fcc0873d801f2d4543dcbbb39fe8d2f51
-
SSDEEP
3072:eWj2XFPG3QLoqnl0mGDhtn0B4ANKG7F/8GQxe83RL:esEmmGDDnnANKG7F/8GQxe83RL
Malware Config
Signatures
-
Creates/modifies Cron job 1 TTPs 1 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Modifies rc script 1 TTPs 1 IoCs
Adding/modifying system rc scripts is a common persistence mechanism.
-
Writes file to system bin folder 1 TTPs 3 IoCs
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/b5badeb16414cba66999742601c092b8/tmp/b5badeb16414cba66999742601c092b81⤵
- Creates/modifies Cron job
- Modifies rc script
- Writes file to system bin folder
-
/bin/shsh -c "service crond start"2⤵
-
/usr/sbin/serviceservice crond start3⤵
-
/usr/bin/basenamebasename /usr/sbin/service4⤵
-
-
/usr/bin/basenamebasename /usr/sbin/service4⤵
-
-
/bin/systemctlsystemctl --quiet is-active multi-user.target4⤵
- Reads runtime system information
-
-
/bin/systemctlsystemctl -p Triggers show acpid.socket4⤵
- Reads runtime system information
-
-
/bin/systemctlsystemctl -p Triggers show apport-forward.socket4⤵
- Reads runtime system information
-
-
/bin/systemctlsystemctl -p Triggers show avahi-daemon.socket4⤵
- Reads runtime system information
-
-
/bin/systemctlsystemctl -p Triggers show cups.socket4⤵
- Reads runtime system information
-
-
/bin/systemctlsystemctl -p Triggers show dbus.socket4⤵
- Reads runtime system information
-
-
/bin/systemctlsystemctl -p Triggers show saned.socket4⤵
- Reads runtime system information
-
-
/bin/systemctlsystemctl -p Triggers show snapd.socket4⤵
- Reads runtime system information
-
-
/bin/systemctlsystemctl -p Triggers show ssh.socket4⤵
- Reads runtime system information
-
-
/bin/systemctlsystemctl -p Triggers show syslog.socket4⤵
- Reads runtime system information
-
-
/bin/systemctlsystemctl -p Triggers show systemd-fsckd.socket4⤵
- Reads runtime system information
-
-
/bin/systemctlsystemctl -p Triggers show systemd-initctl.socket4⤵
- Reads runtime system information
-
-
/bin/systemctlsystemctl -p Triggers show systemd-journald-audit.socket4⤵
- Reads runtime system information
-
-
/bin/systemctlsystemctl -p Triggers show systemd-journald-dev-log.socket4⤵
- Reads runtime system information
-
-
/bin/systemctlsystemctl -p Triggers show systemd-journald.socket4⤵
- Reads runtime system information
-
-
/bin/systemctlsystemctl -p Triggers show systemd-networkd.socket4⤵
- Reads runtime system information
-
-
/bin/systemctlsystemctl -p Triggers show systemd-rfkill.socket4⤵
- Reads runtime system information
-
-
/bin/systemctlsystemctl -p Triggers show systemd-udevd-control.socket4⤵
- Reads runtime system information
-
-
/bin/systemctlsystemctl -p Triggers show systemd-udevd-kernel.socket4⤵
- Reads runtime system information
-
-
/bin/systemctlsystemctl -p Triggers show uuidd.socket4⤵
- Reads runtime system information
-
-
-
/usr/local/sbin/systemctlsystemctl start crond.service3⤵
-
-
/usr/local/bin/systemctlsystemctl start crond.service3⤵
-
-
/usr/sbin/systemctlsystemctl start crond.service3⤵
-
-
/usr/bin/systemctlsystemctl start crond.service3⤵
-
-
/sbin/systemctlsystemctl start crond.service3⤵
-
-
/bin/systemctlsystemctl start crond.service3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "/etc/rc.d/init.d/crond start"2⤵
-
/etc/rc.d/init.d/crond/etc/rc.d/init.d/crond start3⤵
-
-
-
/bin/shsh -c "chmod 777 /bin/b5badeb16414cba66999742601c092b8.sh"2⤵
-
/bin/chmodchmod 777 /bin/b5badeb16414cba66999742601c092b8.sh3⤵
-
-
-
/bin/systemctlsystemctl list-unit-files --full "--type=socket"1⤵
- Reads runtime system information
-
/bin/sedsed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
38B
MD5a703226f99dfe0657ae51dde6619e57a
SHA1a7551613d368d0d61721b75481ce9006a3cf2e6a
SHA2566f6dc41f6e2485e6129169c5024f7c6de371701f08d60405330561dc4881b301
SHA512ce6db43dad806aa4ae0f94bfad79498363a34deda11f328470fe74635f31441a6027162add248bff5a1e0f46885a08ab5e0ad9d9299ecbca14430ff6b4ab4c88
-
Filesize
782B
MD52e7a00b5e47265737061f89cb5a96d72
SHA1647cf1241cf4f7a4e1956076cb6e2f3b48ad8f92
SHA256dd32a5ddc627792bfa7c973edd3316f157f364f45a3de92b47c2281584c1de6a
SHA51279294e6c21b69b78b9cda54fd9e6d769ed8221cf7a8ac1ccc964054b348dab5add50419734485c89d9f48505392510f2068ba2141299049d8197cf9fa892b7cc