Analysis
- max time kernel: 149s
- max time network: 152s
- platform: ubuntu-18.04_amd64
- resource: ubuntu1804-amd64-20240226-en
- resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240226-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
- submitted: 16/04/2024, 01:42
Static task: static1
Behavioral task: behavioral1
Sample: 7b9aec27551f2d7b7ec65802b8330a12b114ac441659200648a65bea6c987a13.elf
Resource: ubuntu1804-amd64-20240226-en
General
- Target: 7b9aec27551f2d7b7ec65802b8330a12b114ac441659200648a65bea6c987a13.elf
- Size: 187KB
- MD5: ae439285226cddf599347ef2bf84e846
- SHA1: ea2bb5c6f42bcba685effe50aa9cac727c74ce07
- SHA256: 7b9aec27551f2d7b7ec65802b8330a12b114ac441659200648a65bea6c987a13
- SHA512: 03b311fa363bab3edfe60972232e898732ead35293e0e4c895804025476dd2510ef169eb5408cacd1c0b43b8b7da78f4b15b8e309b606536ef53b87d0a3fb19f
- SSDEEP: 3072:UpGYXPlyQylu1zXMA2R4TnEjbaEcCvPvyHVByqqJEy:VYNylu1zXMANnEjbaBCvP6Hv8t
Malware Config
Signatures
- Changes its process name (1 IoC)
  Changes the process name, possibly in an attempt to hide itself.
  description | pid | Process
  Changes the process name, possibly in an attempt to hide itself | 1524 | 7b9aec27551f2d7b7ec65802b8330a12b114ac441659200648a65bea6c987a13.elf
- Enumerates running processes
  Discovers information about currently running processes on the system.
- Reads runtime system information (64 IoCs)
  Reads data from /proc virtual filesystem.
  description | ioc
  File opened for reading | /proc/182/cmdline
  File opened for reading | /proc/250/cmdline
  File opened for reading | /proc/464/cmdline
  File opened for reading | /proc/482/cmdline
  File opened for reading | /proc/26/cmdline
  File opened for reading | /proc/34/cmdline
  File opened for reading | /proc/80/cmdline
  File opened for reading | /proc/174/cmdline
  File opened for reading | /proc/495/cmdline
  File opened for reading | /proc/1329/cmdline
  File opened for reading | /proc/433/cmdline
  File opened for reading | /proc/669/cmdline
  File opened for reading | /proc/1126/cmdline
  File opened for reading | /proc/1134/cmdline
  File opened for reading | /proc/1/cmdline
  File opened for reading | /proc/22/cmdline
  File opened for reading | /proc/78/cmdline
  File opened for reading | /proc/276/cmdline
  File opened for reading | /proc/14/cmdline
  File opened for reading | /proc/1061/cmdline
  File opened for reading | /proc/1435/cmdline
  File opened for reading | /proc/1522/cmdline
  File opened for reading | /proc/4/cmdline
  File opened for reading | /proc/15/cmdline
  File opened for reading | /proc/27/cmdline
  File opened for reading | /proc/950/cmdline
  File opened for reading | /proc/1177/cmdline
  File opened for reading | /proc/1378/cmdline
  File opened for reading | /proc/1527/cmdline
  File opened for reading | /proc/89/cmdline
  File opened for reading | /proc/98/cmdline
  File opened for reading | /proc/648/cmdline
  File opened for reading | /proc/937/cmdline
  File opened for reading | /proc/24/cmdline
  File opened for reading | /proc/520/cmdline
  File opened for reading | /proc/1352/cmdline
  File opened for reading | /proc/7/cmdline
  File opened for reading | /proc/16/cmdline
  File opened for reading | /proc/82/cmdline
  File opened for reading | /proc/443/cmdline
  File opened for reading | /proc/1122/cmdline
  File opened for reading | /proc/1178/cmdline
  File opened for reading | /proc/10/cmdline
  File opened for reading | /proc/177/cmdline
  File opened for reading | /proc/184/cmdline
  File opened for reading | /proc/483/cmdline
  File opened for reading | /proc/660/cmdline
  File opened for reading | /proc/1118/cmdline
  File opened for reading | /proc/1250/cmdline
  File opened for reading | /proc/1519/cmdline
  File opened for reading | /proc/8/cmdline
  File opened for reading | /proc/23/cmdline
  File opened for reading | /proc/85/cmdline
  File opened for reading | /proc/1182/cmdline
  File opened for reading | /proc/181/cmdline
  File opened for reading | /proc/707/cmdline
  File opened for reading | /proc/1043/cmdline
  File opened for reading | /proc/1073/cmdline
  File opened for reading | /proc/172/cmdline
  File opened for reading | /proc/210/cmdline
  File opened for reading | /proc/703/cmdline
  File opened for reading | /proc/1080/cmdline
  File opened for reading | /proc/1148/cmdline
  File opened for reading | /proc/165/cmdline