Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

d2f2271938...be.elf

ubuntu-20.04-amd64

4

Analysis

  • max time kernel
    120s
  • max time network
    145s
  • platform
    ubuntu-20.04_amd64
  • resource
    ubuntu2004-amd64-20240418-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2004-amd64-20240418-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
  • submitted
    07/05/2024, 01:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d2f2271938f895d5383a6ca9e2170da7545314eb234da1f72eb2bd58f027dfbe.elf

  • Size

    1.0MB

  • MD5

    988155f2bf9242ce23193e8cbb8a001c

  • SHA1

    4c0c74fd0fb9fba9587f3ec7b6326db029c334b7

  • SHA256

    d2f2271938f895d5383a6ca9e2170da7545314eb234da1f72eb2bd58f027dfbe

  • SHA512

    0a461a2bf57002f0f27b56e6e5ce7d018b23bec2926bf473acb8e58ecc7cfbd4f781a1dfe2ad627ea4032aedd589bda587b27a9a17e4689889ebd322d393ed8d

  • SSDEEP

    24576:RsqZhvnhHXuhshNjm3Bp6gDgR16lwzBWa4wwS49TrHg29XE/PZroyUkNR9:PhvnhHXuhshNjK8AlGWaoEroyUk

Score
4/10
antivm

Malware Config

Signatures

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

    antivm
  • Reads CPU attributes 1 TTPs 1 IoCs
  • Reads runtime system information 7 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/d2f2271938f895d5383a6ca9e2170da7545314eb234da1f72eb2bd58f027dfbe.elf
    /tmp/d2f2271938f895d5383a6ca9e2170da7545314eb234da1f72eb2bd58f027dfbe.elf
    1⤵
    • Checks CPU configuration
    • Reads CPU attributes
    PID:1529
    • /bin/sh
      sh -c "chmod +x /etc/rc.local"
      2⤵
        PID:1530
        • /usr/bin/chmod
          chmod +x /etc/rc.local
          3⤵
            PID:1531
        • /bin/sh
          sh -c "mv /tmp/d2f2271938f895d5383a6ca9e2170da7545314eb234da1f72eb2bd58f027dfbe.elf /etc/d2f2271938f895d5383a6ca9e2170da7545314eb234da1f72eb2bd58f027dfbe.elf"
          2⤵
            PID:1532
            • /usr/bin/mv
              mv /tmp/d2f2271938f895d5383a6ca9e2170da7545314eb234da1f72eb2bd58f027dfbe.elf /etc/d2f2271938f895d5383a6ca9e2170da7545314eb234da1f72eb2bd58f027dfbe.elf
              3⤵
              • Reads runtime system information
              PID:1533
          • /bin/sh
            sh -c "cd /etc;chmod 777 d2f2271938f895d5383a6ca9e2170da7545314eb234da1f72eb2bd58f027dfbe.elf"
            2⤵
              PID:1535
              • /usr/bin/chmod
                chmod 777 d2f2271938f895d5383a6ca9e2170da7545314eb234da1f72eb2bd58f027dfbe.elf
                3⤵
                  PID:1536
              • /bin/sh
                sh -c "sed -i -e '/exit/d' /etc/rc.local"
                2⤵
                  PID:1537
                  • /usr/bin/sed
                    sed -i -e /exit/d /etc/rc.local
                    3⤵
                    • Reads runtime system information
                    PID:1538
                • /bin/sh
                  sh -c "sed -i -e '/^ | | \$/d' /etc/rc.local"
                  2⤵
                    PID:1539
                    • /usr/bin/sed
                      sed -i -e "/^ | | \$/d" /etc/rc.local
                      3⤵
                      • Reads runtime system information
                      PID:1540
                  • /bin/sh
                    sh -c "sed -i -e '/d2f2271938f895d5383a6ca9e2170da7545314eb234da1f72eb2bd58f027dfbe.elf/d' /etc/rc.local"
                    2⤵
                      PID:1543
                      • /usr/bin/sed
                        sed -i -e /d2f2271938f895d5383a6ca9e2170da7545314eb234da1f72eb2bd58f027dfbe.elf/d /etc/rc.local
                        3⤵
                        • Reads runtime system information
                        PID:1544
                    • /bin/sh
                      sh -c "sed -i -e '2 i/etc/d2f2271938f895d5383a6ca9e2170da7545314eb234da1f72eb2bd58f027dfbe.elf reboot' /etc/rc.local"
                      2⤵
                        PID:1546
                        • /usr/bin/sed
                          sed -i -e "2 i/etc/d2f2271938f895d5383a6ca9e2170da7545314eb234da1f72eb2bd58f027dfbe.elf reboot" /etc/rc.local
                          3⤵
                          • Reads runtime system information
                          PID:1548
                      • /bin/sh
                        sh -c "sed -i -e '2 i/etc/d2f2271938f895d5383a6ca9e2170da7545314eb234da1f72eb2bd58f027dfbe.elf start' /etc/rc.d/rc.local"
                        2⤵
                          PID:1551
                          • /usr/bin/sed
                            sed -i -e "2 i/etc/d2f2271938f895d5383a6ca9e2170da7545314eb234da1f72eb2bd58f027dfbe.elf start" /etc/rc.d/rc.local
                            3⤵
                            • Reads runtime system information
                            PID:1552
                        • /bin/sh
                          sh -c "sed -i -e '2 i/etc/d2f2271938f895d5383a6ca9e2170da7545314eb234da1f72eb2bd58f027dfbe.elf start' /etc/init.d/boot.local"
                          2⤵
                            PID:1555
                            • /usr/bin/sed
                              sed -i -e "2 i/etc/d2f2271938f895d5383a6ca9e2170da7545314eb234da1f72eb2bd58f027dfbe.elf start" /etc/init.d/boot.local
                              3⤵
                              • Reads runtime system information
                              PID:1556

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads