Analysis

max time kernel: 1s
platform: debian-9_mipsel
resource: debian9-mipsel-20240418-en
resource tags: arch:mipsel, image:debian9-mipsel-20240418-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
submitted: 01/07/2024, 07:44
Static task
static1

Behavioral tasks

task           sample               resource
behavioral1    sample.tar           win7-20240221-en
behavioral2    sample.tar           win10v2004-20240611-en
behavioral3    .system2/autorun     ubuntu1804-amd64-20240611-en
behavioral4    .system2/autorun     debian9-armhf-20240418-en
behavioral5    .system2/autorun     debian9-mipsbe-20240611-en
behavioral6    .system2/autorun     debian9-mipsel-20240418-en   (this report)
behavioral7    .system2/bash        ubuntu1804-amd64-20240611-en
behavioral8    .system2/bash        debian9-armhf-20240611-en
behavioral9    .system2/bash        debian9-mipsbe-20240418-en
behavioral10   .system2/bash        debian9-mipsel-20240418-en
behavioral11   .system2/m.vbs       win7-20240508-en
behavioral12   .system2/m.vbs       win10v2004-20240226-en
behavioral13   .system2/pp3-login   ubuntu2404-amd64-20240523-en
behavioral14   .system2/start       ubuntu1804-amd64-20240611-en
behavioral15   .system2/start       debian9-armhf-20240611-en
behavioral16   .system2/start       debian9-mipsbe-20240418-en
behavioral17   .system2/start       debian9-mipsel-20240611-en
behavioral18   .system2/y2kupdate   ubuntu1804-amd64-20240508-en
behavioral19   .system2/y2kupdate   debian9-armhf-20240611-en
behavioral20   .system2/y2kupdate   debian9-mipsbe-20240418-en
behavioral21   .system2/y2kupdate   debian9-mipsel-20240226-en
General

Target: .system2/autorun
Size: 323B
MD5: c4b224d52fe7b54d48b7c98be4ffd98c
SHA1: a2b545cefdb5cdace314002dd616f4bcb7c506a2
SHA256: 528a699fd5986b53cdde84a396c43c5448c552d38518742b6f04ed5dc6abd251
SHA512: aadb23be29a72a59224d237ce9fcf58f3b64d7012bd4e03c460152ee8654772a1a298fc7f34c91ffa35362e1db99267cfa79de2b7827501dc5710a13ac03d699
Malware Config

Signatures

Creates/modifies Cron job (1 TTP, 1 IoC)
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  description                    ioc                                   process
  File opened for modification   /var/spool/cron/crontabs/tmp.XRH3Hx   crontab
The tmp.XRH3Hx path is the temporary file crontab(1) writes before renaming it into place; on a live host the installed entry lives under /var/spool/cron/crontabs/<user>, so confirm with `crontab -l` as that user rather than looking for the temp name.

Reads runtime system information (2 IoCs)
Reads data from the /proc virtual filesystem.
  description                    ioc                                   process
  File opened for reading        /proc/filesystems                     crontab
  File opened for reading        /proc/filesystems                     crontab

Writes file to tmp directory (3 IoCs)
Malware often drops required files in the /tmp directory.
  description                    ioc                                   process
  File opened for modification   /tmp/.system2/y2kupdate               autorun
  File opened for modification   /tmp/.system2/m.dir                   autorun
  File opened for modification   /tmp/.system2/cron.d                  autorun
Processes

/tmp/.system2/autorun   (cmdline: /tmp/.system2/autorun)   PID 713
  signatures: Writes file to tmp directory
  +-- /bin/cat           (cmdline: cat m.dir)               PID 715
  +-- /usr/bin/crontab   (cmdline: crontab cron.d)          PID 717
  |     signatures: Creates/modifies Cron job; Reads runtime system information
  +-- /bin/grep          (cmdline: grep y2kupdate)          PID 723
  +-- /usr/bin/crontab   (cmdline: crontab -l)              PID 722
  |     signatures: Reads runtime system information
  +-- /bin/chmod         (cmdline: chmod u+x y2kupdate)     PID 728
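The children above are the whole persistence routine: the dropper writes y2kupdate, m.dir and cron.d into /tmp/.system2, installs cron.d as the current user's crontab, and makes y2kupdate executable; `crontab -l` alongside `grep y2kupdate` is consistent with a check for an already installed entry. The detection logic below is an added example, not part of the tria.ge report or its tooling. It runs over the process and file events transcribed from this page plus a constructed crontab; the parent/child links, the working directory /tmp/.system2 (inferred from the relative arguments and the /tmp/.system2/cron.d write), the field and rule names, and the sample crontab lines are all assumptions of the example. It generalizes slightly beyond this sample: the spool-write rule also catches a crontab fed on stdin (`crontab -`), a form this dropper does not use.

```python
"""Flag cron-based persistence in Linux sandbox process and file events.
Added example for this report, not tria.ge code; the transcribed records'
ppid/cwd values and all names here are this script's assumptions."""
import re
import shlex
from collections import namedtuple

# Droppers stage files in world-writable scratch space or hidden (dot)
# directories; a legitimate crontab should rarely reference either.
_SCRATCH = re.compile(r"^(?:/tmp|/var/tmp|/dev/shm)(?:/|$)")
_HIDDEN_DIR = re.compile(r"/\.[^/]+/")
_CRON_STORE = re.compile(r"^(?:/var/spool/cron/|/etc/cron)")
_SHELL_SPLIT = re.compile(r"[\s;&|()`<>]+")  # crude tokeniser for cron commands

Proc = namedtuple("Proc", "pid ppid path cmdline cwd", defaults=["/"])
FileEvent = namedtuple("FileEvent", "pid action target")  # action: modify|read

def _staged(path):
    """True for a path under a scratch or hidden directory."""
    return bool(_SCRATCH.search(path) or _HIDDEN_DIR.search(path))

def _from_scratch(p, by_pid):
    """True if p or any ancestor executes from a scratch or hidden dir."""
    seen = set()
    while p is not None and p.pid not in seen:
        seen.add(p.pid)
        if _staged(p.path):
            return True
        p = by_pid.get(p.ppid)
    return False

def find_cron_persistence(procs, files):
    """Rule a: `crontab [-u USER] FILE` where FILE was dropped into a scratch
    or hidden dir.  Rule b: a write under the cron spool or /etc/cron* by a
    process descended from a staged binary; b also catches `cat x | crontab -`."""
    by_pid = {p.pid: p for p in procs}
    written = {f.target for f in files if f.action == "modify"}
    findings = []
    for p in procs:
        argv = shlex.split(p.cmdline)
        if not argv or not p.path.endswith("/crontab"):
            continue
        args = [a for a in argv[1:] if not a.startswith("-")]
        if any(opt in argv for opt in ("-l", "-r", "-e")) or not args:
            continue  # list/remove/edit, or the stdin form: no FILE to check
        spec = args[-1] if args[-1].startswith("/") else f"{p.cwd.rstrip('/')}/{args[-1]}"
        if spec in written and _staged(spec):
            parent = by_pid.get(p.ppid)
            findings.append({"rule": "crontab-from-dropped-file", "pid": p.pid,
                             "crontab_file": spec,
                             "dropper": parent.path if parent else None})
    for f in files:
        if (f.action == "modify" and _CRON_STORE.search(f.target)
                and _from_scratch(by_pid.get(f.pid), by_pid)):
            findings.append({"rule": "cron-store-write-from-scratch-dir",
                             "pid": f.pid, "target": f.target})
    return findings

def suspicious_cron_lines(crontab_text):
    """(entry, reasons) for entries that run at boot or reference a staged
    path.  Heuristic: legitimate ~/.local/bin jobs are flagged for review too."""
    out = []
    for line in crontab_text.splitlines():
        s = line.strip()
        if not s or s.startswith("#") or "=" in s.split(None, 1)[0]:
            continue  # blank, comment or VAR=value line
        reasons = []
        if s.startswith("@reboot"):
            reasons.append("runs at boot (@reboot)")
        staged = [t for t in _SHELL_SPLIT.split(s) if t.startswith("/") and _staged(t)]
        if staged:
            reasons.append("references " + ", ".join(staged))
        if reasons:
            out.append((s, reasons))
    return out

# Transcribed from the report's process tree (ppid and cwd assumed) and its
# file-modification IoCs.
REPORT_PROCS = [
    Proc(713, 1, "/tmp/.system2/autorun", "/tmp/.system2/autorun", "/tmp/.system2"),
    Proc(715, 713, "/bin/cat", "cat m.dir", "/tmp/.system2"),
    Proc(717, 713, "/usr/bin/crontab", "crontab cron.d", "/tmp/.system2"),
    Proc(723, 713, "/bin/grep", "grep y2kupdate", "/tmp/.system2"),
    Proc(722, 713, "/usr/bin/crontab", "crontab -l", "/tmp/.system2"),
    Proc(728, 713, "/bin/chmod", "chmod u+x y2kupdate", "/tmp/.system2"),
]
REPORT_FILES = [
    FileEvent(713, "modify", "/tmp/.system2/y2kupdate"),
    FileEvent(713, "modify", "/tmp/.system2/m.dir"),
    FileEvent(713, "modify", "/tmp/.system2/cron.d"),
    FileEvent(717, "modify", "/var/spool/cron/crontabs/tmp.XRH3Hx"),
]
# Constructed crontab (the report does not show cron.d's contents).
SAMPLE_CRONTAB = """\
PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/bin
0 3 * * * /usr/local/bin/backup.sh
* * * * * /tmp/.system2/y2kupdate >/dev/null 2>&1
@reboot /tmp/.system2/autorun
"""
```

On this report `find_cron_persistence(REPORT_PROCS, REPORT_FILES)` returns two findings, both for PID 717: the `crontab cron.d` install from the dropped file, and the write to the cron spool by a child of a /tmp binary. On a live host the same line checker can be pointed at `crontab -l -u <user>` output and the files under /etc/cron.d; treat hits as leads for review, not verdicts.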
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 230B
MD5: f21862c4c6e581343f8860e27737b7bd
SHA1: aa1cb37c6026ae2ea6f806fe1bf1fe0b8f8b1136
SHA256: 2abacf4d980cafba76dce1d6a227df8900449952aa89ef6013262e40b0a79309
SHA512: 8d7dd69648dfc9bbd43c312ed9038505806cc9bf349e1cde2b1e5c7200b79e84c4e74c4c618e0a1acd13a883e610ee9add0aebc3b989376784bf559b977f9abc