Analysis
max time kernel: 149s
max time network: 153s
platform: ubuntu-20.04_amd64
resource: ubuntu2004-amd64-20240221-en
resource tags: arch:amd64, arch:i386, image:ubuntu2004-amd64-20240221-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system
submitted: 07/03/2024, 02:19

Behavioral task: behavioral1
Sample: 65ff40099d3a49d96d8cd4fa0d8859002e2bb2901890f5afcf74e155fd676689.elf
Resource: ubuntu2004-amd64-20240221-en
General
Target: 65ff40099d3a49d96d8cd4fa0d8859002e2bb2901890f5afcf74e155fd676689.elf
Size: 95KB
MD5: 817de5d809f87e187400a823a9dc42dc
SHA1: 8529a538d67ffb7a0a6c884acdb0474e25ca8910
SHA256: 65ff40099d3a49d96d8cd4fa0d8859002e2bb2901890f5afcf74e155fd676689
SHA512: bfeb8365a6d3797e95c1aac90d62459e44aea2643a3dc227767d838aebbcf10d8c07239ee056deabfa411c3f534d729fbf4b7447cae7d38fb2b1dd8d5e112f57
SSDEEP: 1536:M/AcoC7du0MBS/tZcJUTJKpBBn9Sw3zJ2TOTt4fB6S3f16ewYf+Ws:6A3C7du3BGtZcJUTA7h9Sw3yOZSx3fnG
Malware Config
Signatures
- Contacts a large number (163980) of remote hosts (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Creates a large number of network flows (1 TTP)
  This may indicate a network scan to discover remotely running services.
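The two network signatures above are the sandbox's counts of distinct remote hosts and of flows. As an added example (not part of the tria.ge report or its signature engine), the following Python reproduces the same two checks over flow records and adds the feature that separates a service-discovery sweep from ordinary bulk traffic: many hosts, one destination port, near-empty payloads. The Flow record layout, the thresholds and the sample flows are constructed for illustration; pid 1472 is reused from the report only as a label.

```python
"""Flag scanner-like processes from per-process flow records.

Added example, not code from the tria.ge report.  Flow layout, thresholds
and the sample data below are constructed assumptions.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float        # epoch seconds when the flow opened
    pid: int         # process that originated it
    dst_ip: str
    dst_port: int
    bytes_out: int   # payload the process sent on this flow


# Illustrative thresholds, not values the sandbox uses; tune per environment.
HOST_THRESHOLD = 50    # distinct destination hosts inside one window
FLOW_THRESHOLD = 100   # flows inside one window
WINDOW_S = 60.0


def summarize(flows):
    """Per pid: distinct hosts, flow count, dominant port and its share, median bytes."""
    by_pid = defaultdict(list)
    for f in flows:
        by_pid[f.pid].append(f)
    out = {}
    for pid, fl in by_pid.items():
        ports = Counter(f.dst_port for f in fl)
        top_port, top_n = ports.most_common(1)[0]
        out[pid] = {
            "hosts": len({f.dst_ip for f in fl}),
            "flows": len(fl),
            "top_port": top_port,
            "top_port_share": top_n / len(fl),
            "median_bytes": sorted(f.bytes_out for f in fl)[len(fl) // 2],
        }
    return out


def classify(flows, window_s=WINDOW_S):
    """Return {pid: [signature names]} for the flows in the first window_s seconds."""
    if not flows:
        return {}
    t0 = min(f.ts for f in flows)
    in_window = [f for f in flows if f.ts - t0 <= window_s]
    verdicts = {}
    for pid, s in summarize(in_window).items():
        hits = []
        if s["hosts"] >= HOST_THRESHOLD:
            hits.append("contacts a large number of remote hosts")
        if s["flows"] >= FLOW_THRESHOLD:
            hits.append("creates a large number of network flows")
        # Many hosts, one port, tiny payloads: probing for a service, not moving data.
        if (s["hosts"] >= HOST_THRESHOLD and s["top_port_share"] > 0.9
                and s["median_bytes"] < 64):
            hits.append(f"horizontal scan of tcp/{s['top_port']}")
        if hits:
            verdicts[pid] = hits
    return verdicts


def synthetic_flows():
    """Constructed sample: pid 1472 sweeps one port over three /24s; pid 900 is a normal client."""
    flows, t = [], 0.0
    for third in range(3):
        for host in range(1, 255):
            flows.append(Flow(t, 1472, f"10.{third}.0.{host}", 23, 0))
            t += 0.01
    flows.append(Flow(1.0, 900, "93.184.216.34", 443, 1800))
    flows.append(Flow(2.0, 900, "93.184.216.34", 443, 2200))
    return flows


if __name__ == "__main__":
    for pid, hits in classify(synthetic_flows()).items():
        print(pid, hits)
```

Feed it flows attributed to a process (sandbox network logs, eBPF or auditd connect events with pid); records without a pid can be grouped by source address instead, at the cost of mixing processes. The thresholds are deliberately low for a 60-second window; the report's 163980 hosts would clear any sane setting.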
- Changes its process name (1 IoC)
  Changes the process name, possibly in an attempt to hide itself.
  pid   Process
  1472  65ff40099d3a49d96d8cd4fa0d8859002e2bb2901890f5afcf74e155fd676689.elf
- Enumerates running processes
  Discovers information about currently running processes on the system.
- Reads runtime system information (64 IoCs)
  Reads data from /proc virtual filesystem.
  ioc (each recorded as "File opened for reading"), in the order logged:
  /proc/71/cmdline /proc/105/cmdline /proc/490/cmdline /proc/677/cmdline /proc/1320/cmdline /proc/1596/cmdline /proc/2047/cmdline /proc/17/cmdline
  /proc/18/cmdline /proc/1415/cmdline /proc/2073/cmdline /proc/1501/cmdline /proc/1733/cmdline /proc/1957/cmdline /proc/176/cmdline /proc/1422/cmdline
  /proc/1998/cmdline /proc/1091/cmdline /proc/1424/cmdline /proc/1511/cmdline /proc/1868/cmdline /proc/1952/cmdline /proc/693/cmdline /proc/1727/cmdline
  /proc/1927/cmdline /proc/1937/cmdline /proc/72/cmdline /proc/1060/cmdline /proc/1135/cmdline /proc/1416/cmdline /proc/1510/cmdline /proc/2018/cmdline
  /proc/23/cmdline /proc/500/cmdline /proc/565/cmdline /proc/975/cmdline /proc/1425/cmdline /proc/1645/cmdline /proc/1653/cmdline /proc/2008/cmdline
  /proc/2077/cmdline /proc/479/cmdline /proc/1817/cmdline /proc/1870/cmdline /proc/2016/cmdline /proc/11/cmdline /proc/16/cmdline /proc/166/cmdline
  /proc/1122/cmdline /proc/1128/cmdline /proc/1426/cmdline /proc/1960/cmdline /proc/2055/cmdline /proc/2/cmdline /proc/90/cmdline /proc/1051/cmdline
  /proc/1142/cmdline /proc/1475/cmdline /proc/1922/cmdline /proc/1991/cmdline /proc/2004/cmdline /proc/2038/cmdline /proc/7/cmdline /proc/81/cmdline
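The 64 IoCs above are one read of /proc/<pid>/cmdline per process, which is how a Linux binary enumerates what else is running; the earlier "Changes its process name" signature is the other side of the same /proc data, because a renamed process still points at its real binary through /proc/<pid>/exe. The following Python is an added example, not code from the report or from the sample. It walks /proc the same way the IoC list shows and flags processes whose comm and argv[0] both disagree with the executable's name. The prefix rule in name_mismatch is a heuristic of this example.

```python
"""Enumerate processes through /proc and flag ones whose name hides the binary.

Added example, not code from the tria.ge report or the analysed sample.
The procfs argument exists so the readers can be pointed at a copy of /proc
taken from a forensic image.
"""
import os

TASK_COMM_LEN = 16  # kernel limit: /proc/<pid>/comm holds at most 15 bytes


def read_cmdline(pid, procfs="/proc"):
    """argv as a list; empty for kernel threads and for pids that exited mid-walk."""
    try:
        with open(f"{procfs}/{pid}/cmdline", "rb") as fh:
            raw = fh.read()
    except OSError:
        return []
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]


def read_comm(pid, procfs="/proc"):
    """The kernel's task name, the field prctl(PR_SET_NAME) rewrites."""
    try:
        with open(f"{procfs}/{pid}/comm") as fh:
            return fh.read().rstrip("\n")
    except OSError:
        return ""


def read_exe(pid, procfs="/proc"):
    """Real executable path; '' for kernel threads or when unreadable (EACCES)."""
    try:
        return os.readlink(f"{procfs}/{pid}/exe")
    except OSError:
        return ""


def name_mismatch(comm, exe, argv):
    """True when neither comm nor argv[0] is consistent with the executable.

    comm is a prefix check because the kernel truncates it to 15 bytes and
    because exe resolves symlinks (python3 -> python3.8).  A missing exe is
    not evidence (kernel thread, or another user's pid) and yields False.
    """
    if not exe:
        return False
    base = os.path.basename(exe.replace(" (deleted)", ""))
    comm_ok = bool(comm) and base.startswith(comm[:TASK_COMM_LEN - 1])
    argv0_ok = bool(argv) and os.path.basename(argv[0]).lstrip("-") == base
    return not (comm_ok or argv0_ok)


def enumerate_processes(procfs="/proc"):
    """Yield (pid, comm, exe, argv) for every numeric /proc entry, as the sample does."""
    for entry in os.listdir(procfs):
        if entry.isdigit():
            pid = int(entry)
            yield pid, read_comm(pid, procfs), read_exe(pid, procfs), read_cmdline(pid, procfs)


def renamed_processes(procfs="/proc"):
    """Processes whose visible name does not match the binary behind them."""
    return [(pid, comm, exe, argv)
            for pid, comm, exe, argv in enumerate_processes(procfs)
            if name_mismatch(comm, exe, argv)]


if __name__ == "__main__":
    for pid, comm, exe, argv in renamed_processes():
        argv0 = argv[0] if argv else ""
        print(f"{pid:>6}  comm={comm!r}  argv0={argv0!r}  exe={exe}")
```

Run it as root: unprivileged, readlink on another user's /proc/<pid>/exe fails with EACCES and that process is skipped rather than flagged. Symlinked interpreters still produce mismatches (sh resolving to dash) and need a local allowlist; an exe ending in "(deleted)" means the binary was removed after exec, which is worth reporting on its own.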