Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

mset9.bat

windows7-x64

1

mset9.bat

windows10-2004-x64

1

mset9.command

ubuntu-18.04-amd64

3

mset9.command

debian-9-armhf

1

mset9.command

debian-9-mips

mset9.command

debian-9-mipsel

mset9.py

ubuntu-18.04-amd64

mset9.py

debian-9-armhf

mset9.py

debian-9-mips

mset9.py

debian-9-mipsel

Analysis

  • max time kernel
    0s
  • max time network
    132s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240418-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240418-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    01/05/2024, 22:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    mset9.command

  • Size

    352B

  • MD5

    8ae6d8f01135f06285bdc6249a42780c

  • SHA1

    451165f86c132acec68315e488bfd88148df1403

  • SHA256

    79378927ede965ab16a4b9acb722d5f1580fbb1d98924a64efc8e9c03900d93c

  • SHA512

    b2ea24401f2d8ca1fc057f874051078f6be9f3e3d5564b6233d56b55308809ced5e6b18dbca32071c2a73b540811c43d11a908f4779a2dcd9f3a91ee1c1745cb

Score
3/10

Malware Config

Signatures

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/mset9.command
    /tmp/mset9.command
    1⤵
      PID:1547
      • /usr/bin/which
        which python3
        2⤵
          PID:1548
        • /usr/bin/dirname
          dirname /tmp/mset9.command
          2⤵
            PID:1550
        • /usr/local/sbin/python3
          python3 /tmp/mset9.py
          1⤵
            PID:1547
          • /usr/local/bin/python3
            python3 /tmp/mset9.py
            1⤵
              PID:1547
            • /usr/sbin/python3
              python3 /tmp/mset9.py
              1⤵
                PID:1547
              • /usr/bin/python3
                python3 /tmp/mset9.py
                1⤵
                • Reads runtime system information
                PID:1547
                • /bin/sh
                  /bin/sh -c "uname -p 2> /dev/null"
                  2⤵
                    PID:1552
                    • /bin/uname
                      uname -p
                      3⤵
                        PID:1553

                  Network

                  MITRE ATT&CK Matrix

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads