Resubmissions
06/08/2024, 15:01   240806-sd4bmswcja   7
06/08/2024, 14:24   240806-rq56bsvfpa   1
06/08/2024, 13:16   240806-qhrsaszfjn   7
Analysis
max time kernel: 1199s
max time network: 1173s
platform: ubuntu-22.04_amd64
resource: ubuntu2204-amd64-20240611-en
resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20240611-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
submitted: 06/08/2024, 13:16
Static task: static1
Behavioral task: behavioral1
Sample: 3061702.bin
Resource: ubuntu2204-amd64-20240611-en
General
Target: 3061702.bin
Size: 80KB
MD5: a975959cae20e53102a5e6202692b533
SHA1: 9665799c84f0eff052a57c3205b1a515adc39278
SHA256: c0dee466b4592979a08e2d9176d3e1515a631268db2c5887faa8474aefeece5b
SHA512: f06c339ee01792d6cbab0c37038a70e69150b9b009aaafeb3244f3cb9b8f2f13f1b1ea3aebceecef6b395ffd133f1d25a51d648569598716332a14c91a35c574
SSDEEP: 1536:RWsfKVotw2uYh6g+FB3SYFjgaiZBflluFl1bSzLm9xX/X/LA7MpzX:RWsfKVotw2uYYg+FB37FBc981bSzLmPR
Malware Config
Signatures
Renames itself (1 IoC)
  pid: 1579
Creates/modifies Cron job (1 TTP, 1 IoC)
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  description: File opened for modification | ioc: /var/spool/cron/crontabs/tmp.fo0VRj | Process: crontab
Enumerates running processes
  Discovers information about currently running processes on the system.
Reads runtime system information (64 IoCs)
  Reads data from /proc virtual filesystem.
Processes
/tmp/3061702.bin (cmdline: /tmp/3061702.bin), PID 1578  [Reads runtime system information]
  /bin/sh (cmdline: sh -c "crontab -l"), PID 1580
    /usr/bin/crontab (cmdline: crontab -l), PID 1581
  /bin/sh (cmdline: sh -c "crontab -"), PID 1588
    /usr/bin/crontab (cmdline: crontab -), PID 1590  [Creates/modifies Cron job]
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 210B
MD5: 8978cfa6f4f88493d1a5a1c046524c56
SHA1: 8a89dfe22e04771ee8facaf2ff5dc3b732eba7aa
SHA256: ff11f2f20c87a3a0f85b43ae6af0229145fe3818a8a52a5f5a227c31c7758940
SHA512: 15a25fcf3f827ef63a4d2cfba11e135297c26fb57d1e28554a4803276f92982b153e0d909e22dc0c70ce82e1b221116a68d665662064be6b4dc1b962935b7890