Analysis
max time kernel: 151s
max time network: 152s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20231222-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20231222-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 13/02/2024, 02:29
Static task: static1
Behavioral task: behavioral1
Sample: 1ece636acaaf7c9abe725a65c0a5643e39c34b28615799209efeb23e20bd1f43.elf
Resource: ubuntu1804-amd64-20231222-en
General
Target: 1ece636acaaf7c9abe725a65c0a5643e39c34b28615799209efeb23e20bd1f43.elf
Size: 56KB
MD5: fcf8bcea1e71812491dd046d34362ac6
SHA1: 534a54472bc46c0789e095bb18e27990e8c89bdd
SHA256: 1ece636acaaf7c9abe725a65c0a5643e39c34b28615799209efeb23e20bd1f43
SHA512: 179d8974ceb3caac0f62d5e209cc99f28f94f6ea0c46b9daf2e4d5f77668c55e38bdbd9f205c626cbaeeeacc820146d56b0df60bc5cc2732efb89890fa660283
SSDEEP: 768:vOzMgDQAqe9UUv8iVAbnEKmZbOvBoJ+CX97r5esqZu4Wrogqc9+YlTyPeqFWWWGF:JZCX97MsqerTt9vTyka5X1/H
Malware Config
Signatures
- Contacts a large (47515) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads runtime system information (64 IoCs)
  Reads data from /proc virtual filesystem.