Analysis

  • max time kernel
    149s
  • max time network
    129s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20231222-en
  • resource tags
    arch:amd64, arch:i386, image:ubuntu1804-amd64-20231222-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    26/12/2023, 12:22

General

  • Target

    6e2c640e5ac79fd488978f53fd7b1047

  • Size

    8.2MB

  • MD5

    6e2c640e5ac79fd488978f53fd7b1047

  • SHA1

    7ca2962f444b7e7d3b7278ad9ce74c330e676476

  • SHA256

    38ff3f5d90629fa2150f08166149f16756adbcd42c9c5bcd2dcec0db773b0a18

  • SHA512

    ef0fbd7581db6bc51821cf03fee7ff7ebf34eff51d9f871651bb2bfa20fee405ce5c01ce1ac8cc35d52cf915934f01cfdee02be2e497de7bf8e16d565fd4f09f

  • SSDEEP

    98304:8bQUVZFz/Mg7nht3QFL9eKyBx1y8eiUlOX:InFTMyn/3QkWl

Score
6/10

Malware Config

Signatures

  • Checks CPU configuration 1 TTPs 2 IoCs

    Checks CPU information that indicates whether the system is a virtual machine.

  • Creates/modifies Cron job 1 TTPs 1 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

  • Reads runtime system information 4 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 3 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/6e2c640e5ac79fd488978f53fd7b1047
    /tmp/6e2c640e5ac79fd488978f53fd7b1047
    1⤵
    • Reads runtime system information
    PID:1610
    • /bin/cat
      cat /proc/version
      2⤵
      • Reads runtime system information
      PID:1614
  • /bin/cat
    cat /proc/cpuinfo
    1⤵
    • Checks CPU configuration
    PID:1615
  • /bin/uname
    uname -a
    1⤵
    PID:1617
  • /usr/bin/getconf
    getconf LONG_BIT
    1⤵
    PID:1621
  • /tmp/6e2c640e5ac79fd488978f53fd7b1047
    "[stealth]"
    1⤵
    • Reads runtime system information
    PID:1622
    • /bin/cat
      cat /proc/version
      2⤵
      • Reads runtime system information
      PID:1626
  • /bin/cat
    cat /proc/cpuinfo
    1⤵
    • Checks CPU configuration
    PID:1627
  • /bin/uname
    uname -a
    1⤵
    PID:1628
  • /usr/bin/getconf
    getconf LONG_BIT
    1⤵
    PID:1629
  • /usr/bin/crontab
    /usr/bin/crontab /tmp/nip9iNeiph5chee
    1⤵
    • Creates/modifies Cron job
    PID:1630

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /tmp/.pid

    Filesize

    4B

    MD5

    c7af0926b294e47e52e46cfebe173f20

    SHA1

    948b13c7ba369f02fc29d936c124689877023958

    SHA256

    6d7be37d6aa3665ddca5b4c3ab26e689e4efc1c33bea69ccbaeec6ed49569558

    SHA512

    84ff72624f10220c6960fc1d0fe9bbdd329bdc5b8eeef36d8b31d9f3b78f050f11d21b67839576982d1aa87312a1c19e075d284f7b13d28d87631735d73310e6

  • /tmp/nip9iNeiph5chee

    Filesize

    66B

    MD5

    0cd786e8795a6bb8fe9abdadd72fb4d0

    SHA1

    7df3c6ec506473485d247c37603439386ad28b32

    SHA256

    811f7a6f37581c1ed59ad2b2ab238796e81081b8c9623e0039d22f260511981b

    SHA512

    29bcbb5368719799e746c480a518668a6b7db2e7d60bf2d39ccbabcba5d2f0f82de2517d1daa4cc5399e124c2ca05420e5182e599145824f86c2273f9df22ba7

  • /var/spool/cron/crontabs/tmp.oF2rc0

    Filesize

    260B

    MD5

    0fbe5dd4887936f2e361c277c85ae4e0

    SHA1

    8d0bb687d80592a7e8ad307dab55beb9c0f4fb23

    SHA256

    1bb3eb865e946c2db2f8fdc89220a9259e6ed63f12b6bf11dedb9ca6e77b9f21

    SHA512

    a31ec62155655013e47036acdf12f385032701215c286e2b7d1a131adae15c0165e8a9ce4735ee864949e73dedfeab29cc9058c04ab5663d11adbce52250d0fb