Analysis
max time kernel: 114s
max time network: 152s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20231222-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20231222-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 12/02/2024, 03:08
Behavioral task: behavioral1
Sample: 1fcb9dd1865984ff120f404b489c16c3ab983deba999b9e1a6de91bb7a6bf2e1.elf
Resource: ubuntu1804-amd64-20231222-en
General
Target: 1fcb9dd1865984ff120f404b489c16c3ab983deba999b9e1a6de91bb7a6bf2e1.elf
Size: 70KB
MD5: 76b3a2df6763858b742c9162154e2b3f
SHA1: d16f7055d6fa0b3d2b9fe10002850a4c58eba77f
SHA256: 1fcb9dd1865984ff120f404b489c16c3ab983deba999b9e1a6de91bb7a6bf2e1
SHA512: e23708b3fb0c2294fedf17dfd4b7cd048a87f0fbb22922a0a42cbe9b7b189d52aef56cfd6e9028311b58a7385eb8ea09ea2bcbc895a32104602ae31a237c6be8
SSDEEP: 1536:6YeoNOKgFKogCOHzad5nNpNOsJmnlmlnuW8nPF70bEMsUnS:77NOzIogpm5nH0DnkEW8PDMsUnS
Malware Config
Signatures
Contacts a large (77026) amount of remote hosts (1 TTPs)
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.

Changes its process name (1 IoCs)
description: Changes the process name, possibly in an attempt to hide itself
ioc: /usr/bin/dbus-daemon
pid: 1584
Process: 1fcb9dd1865984ff120f404b489c16c3ab983deba999b9e1a6de91bb7a6bf2e1.elf

Deletes itself (1 IoCs)
pid: 1584
Process: 1fcb9dd1865984ff120f404b489c16c3ab983deba999b9e1a6de91bb7a6bf2e1.elf