3b995eb134e7d5143a91d6f6d0a3ca158f82997d794f4877b98ad390da8d7b8b

Analysis

max time kernel
149s
max time network
151s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240508-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240508-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
22-05-2024 12:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

pevents.exe
Size

10.1MB
MD5

cd1e66bb7c66a4ee633a17dba21d4a3a
SHA1

5325461a6d2baa60fc9bd549c5d4ecb1c780dfdc
SHA256

3b995eb134e7d5143a91d6f6d0a3ca158f82997d794f4877b98ad390da8d7b8b
SHA512

22230255c8a90d16a46e938fdf73dda1891defe7444cf9a67540604cc2739b9047c964ba0b9a2464dc8f0a78b58e6f9b5a84400a2e3f21d0a3be5c87c8a94096
SSDEEP

98304:IZAiZA3wJy/A+tM6GvdHcxxwMgbeu7If+rBeHzbKkyz76VFv+NT:aPO3NHM6qdH5M1FfKe6V76VFGNT

Score

4^/10

antivm

Malware Config

Signatures

Changes its process name 1 IoCs

Processes:

description ioc pid

Changes the process name, possibly in an attempt to hide itself tkLicOnline 1401
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
antivm

Virtualization/Sandbox Evasion
T1497

Processes:

pevents.exe

description ioc process

File opened for reading /proc/cpuinfo pevents.exe
Enumerates kernel/hardware configuration 1 TTPs 1 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery
T1082

Processes:

pevents.exe

description ioc process

File opened for reading /sys/class/sunxi_info/sys_info pevents.exe

description	ioc	pid
Changes the process name, possibly in an attempt to hide itself	tkLicOnline	1401

description	ioc	process
File opened for reading	/proc/cpuinfo	pevents.exe

description	ioc	process
File opened for reading	/sys/class/sunxi_info/sys_info	pevents.exe

Reads runtime system information 5 IoCs

Reads data from /proc virtual filesystem.

Processes:

dflspevents.exemkdir

description	ioc	process
File opened for reading	/proc/self/mountinfo	df
File opened for reading	/proc/filesystems	ls
File opened for reading	/proc/version	pevents.exe
File opened for reading	/proc/cmdline	pevents.exe
File opened for reading	/proc/filesystems	mkdir

/tmp/pevents.exe
/tmp/pevents.exe
1⤵
- Checks CPU configuration
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1397

/bin/sh
sh -c "mkdir -p /var/mcut/.data//acesso//tmp/"
2⤵
PID:1398

/usr/bin/mkdir
mkdir -p /var/mcut/.data//acesso//tmp/
3⤵
- Reads runtime system information
PID:1399

/bin/sh
sh -c "df -h"
2⤵
PID:1402

/usr/bin/df
df -h
3⤵
- Reads runtime system information
PID:1403

/bin/sh
sh -c "ls -lh /dev/disk/by-uuid/"
2⤵
PID:1404

/usr/bin/ls
ls -lh /dev/disk/by-uuid/
3⤵
- Reads runtime system information
PID:1405

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads