f6f6e34e93c4ec191807819bd0a3e18fe91bd390ec6c67fadc970d01c25f517b

Analysis

max time kernel
0s
max time network
133s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240226-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240226-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
27-02-2024 03:37

Target

a81e88086302f6fe5c8338fe7e264822
Size

4.5MB
MD5

a81e88086302f6fe5c8338fe7e264822
SHA1

d259d1e9af05a2b60ad47376c7bbb77772140486
SHA256

f6f6e34e93c4ec191807819bd0a3e18fe91bd390ec6c67fadc970d01c25f517b
SHA512

a8db98904f88858b2044715ebeb716751c565e6e2f0a5f00776a692f3aa75c117c3e12281b5f55f21de87a6a7afebc2a0d25ac2ae47f5cfb00869d7b11a5516f
SSDEEP

49152:m7aCJZz5RkMzbq4qxjqryOtDwUT2SVD3uv2FgyhrLRkAHw1Gjg+A:mbJZPRbqkyOtDpT/Ck0+A

Score

3^/10

Enumerates kernel/hardware configuration 1 TTPs 1 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery
T1082

Processes:

a81e88086302f6fe5c8338fe7e264822

description ioc process

File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size a81e88086302f6fe5c8338fe7e264822

description	ioc	process
File opened for reading	/sys/kernel/mm/transparent_hugepage/hpage_pmd_size	a81e88086302f6fe5c8338fe7e264822

/tmp/a81e88086302f6fe5c8338fe7e264822
/tmp/a81e88086302f6fe5c8338fe7e264822
1⤵
- Enumerates kernel/hardware configuration
PID:1578

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact