Analysis
- max time kernel: 6s
- max time network: 132s
- platform: ubuntu-18.04_amd64
- resource: ubuntu1804-amd64-20240508-en
- resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240508-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
- submitted: 22/05/2024, 12:13
Static task
- static1
Behavioral task
- behavioral1: Sample test.sh, Resource ubuntu1804-amd64-20240508-en
- behavioral2: Sample test.sh, Resource debian9-armhf-20240226-en
- behavioral3: Sample test.sh, Resource debian9-mipsbe-20240226-en
- behavioral4: Sample test.sh, Resource debian9-mipsel-20240226-en
General
- Target: test.sh
- Size: 838B
- MD5: 17cc74618af412ae3e9a068c42512d49
- SHA1: c7823fdf8d6cc013ae721362aa03f9a0c402da9a
- SHA256: 9b91e2c7ed80a53babbc4f08415a2828e75ebc8f86eb2a75b06ca5450f334f17
- SHA512: 38e37b37a8cda6359c23da11b407bc661b1569ea8b173ccc794a57926bf2e04a27ae781d5afc1619016378eee10d42a4008aae84bf6bfb7239a02a9e49e7b084
Malware Config
Signatures
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads CPU attributes (1 TTPs, 1 IoCs)
  File opened for reading: /sys/devices/system/cpu/online (process: pkill)
- Reads runtime system information (64 IoCs)
  Reads data from /proc virtual filesystem.