Malware Analysis Report

2025-01-23 14:01

Sample ID  240823-rdw2ws1bnn
Target     sus.txt
SHA256     f606bfbb0a2f55cb9c7eb523ca03775260d253f0c4940c12a2467020be0a8e2a
Tags       upx xmrig antivm miner
Score      10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 10/10

SHA256 f606bfbb0a2f55cb9c7eb523ca03775260d253f0c4940c12a2467020be0a8e2a

Threat Level: Known bad

The file sus.txt was found to be: Known bad. Despite the .txt name it is a UPX-packed Linux executable. Run as /tmp/sus.txt on Ubuntu 24.04, it renamed its own process to kdev_tfs, contacted api.github.com, github.com and objects.githubusercontent.com, placed binaries named apache2 under /usr/share/netplan/netplan_cli/__pycache__/ and /usr/include/sound/intel/avs/, and started each through bash -c ./apache2. Those binaries ran the XMRig stage through a /proc/<pid>/fd/<n> path with -c/tmp/.kkk (XMRig's config-file option) and resolved the Monero pool host mine.c3pool.com through 208.67.222.222 (OpenDNS) instead of the resolvers used by every other lookup in the trace.

Malicious Activity Summary

Tags: upx xmrig antivm miner

xmrig

XMRig Miner payload

UPX packed file

Unexpected DNS network traffic destination

Executes dropped EXE

Runs EXE from memory

Checks hardware identifiers (DMI)

Enumerates running processes

Reads hardware information

Checks CPU configuration

Reads CPU attributes

Writes file to tmp directory

Reads runtime system information

Enumerates kernel/hardware configuration

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-23 14:05

Signatures

UPX packed file

upx
No indicator, process or target details are recorded for this static match; the file-level verdict is the signature itself.
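As an added example (not part of the sandbox report), the static check below does what the static1 signature asserts: it parses an ELF64 header and looks for UPX's markers, requiring the "UPX!" magic plus a corroborating sign (the packer banner or the section-less header UPX produces). The two byte strings it tests are constructed stand-ins, since the report does not include the file's contents.

```python
"""Static check behind the static1 signature: an ELF64 executable carrying UPX markers.

Added example, not part of the sandbox report. PACKED_SAMPLE and PLAIN_SAMPLE are
constructed stand-ins (minimal ELF64 headers plus marker strings), not the real
sus.txt, whose bytes the report does not include.
"""
import re
import struct

ELF_MAGIC = b"\x7fELF"
# "UPX!" is UPX's l_magic; it appears in the l_info block after the program
# headers and again in the PackHeader that UPX appends at the end of the file.
UPX_MAGIC = b"UPX!"
UPX_BANNER = re.compile(rb"\$Info: This file is packed with the UPX executable packer")
UPX_VERSION = re.compile(rb"\$Id: UPX (\d+\.\d+)")
ELF64_HDR = "<16sHHIQQQIHHHHHH"        # little-endian ELF64 header, 64 bytes


def parse_elf64_header(data: bytes) -> dict:
    """Return the ELF64 header fields, or raise ValueError if data is not a LSB ELF64."""
    if len(data) < 64 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:   # EI_CLASS 2 = 64-bit, EI_DATA 1 = little-endian
        raise ValueError("only little-endian ELF64 handled here")
    names = ("e_ident", "e_type", "e_machine", "e_version", "e_entry", "e_phoff",
             "e_shoff", "e_flags", "e_ehsize", "e_phentsize", "e_phnum",
             "e_shentsize", "e_shnum", "e_shstrndx")
    return dict(zip(names, struct.unpack(ELF64_HDR, data[:64])))


def upx_indicators(data: bytes) -> dict:
    """Collect the independent pieces of UPX evidence in one place."""
    hdr = parse_elf64_header(data)
    ver = UPX_VERSION.search(data)
    return {
        "upx_magic_count": data.count(UPX_MAGIC),
        "banner": UPX_BANNER.search(data) is not None,
        "version": ver.group(1).decode() if ver else None,
        # UPX emits a section-less ELF: no section header table at all.
        "no_section_headers": hdr["e_shoff"] == 0 and hdr["e_shnum"] == 0,
    }


def is_upx_packed(data: bytes) -> bool:
    """Require the magic plus one corroborating sign; a lone string is too easy to plant."""
    ind = upx_indicators(data)
    return ind["upx_magic_count"] >= 1 and (ind["banner"] or ind["no_section_headers"])


def _elf64_header(e_shoff: int, e_shnum: int, e_phnum: int = 2) -> bytes:
    e_ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\0" * 8   # ELF64, LSB, version 1, SYSV ABI
    return struct.pack(ELF64_HDR, e_ident, 2, 0x3E, 1, 0x401000, 64, e_shoff,
                       0, 64, 56, e_phnum, 64, e_shnum, 0)


# Constructed stand-ins, labelled as such; neither is the real sample.
PACKED_SAMPLE = (
    _elf64_header(e_shoff=0, e_shnum=0)
    + b"\0" * (56 * 2)                                   # two zeroed program headers
    + b"\0" * 4 + UPX_MAGIC + b"\0" * 4                  # stand-in for UPX's l_info block
    + b"$Info: This file is packed with the UPX executable packer http://upx.sf.net $\n"
    + b"$Id: UPX 3.96 Copyright (C) 1996-2020 the UPX Team. All Rights Reserved. $\n"
    + b"\x90" * 256                                      # stand-in for the compressed image
    + UPX_MAGIC + b"\0" * 28                             # trailing PackHeader begins with the magic
)
PLAIN_SAMPLE = _elf64_header(e_shoff=0x3000, e_shnum=30) + b"\0" * 0x3000

if __name__ == "__main__":
    for name, blob in (("constructed packed", PACKED_SAMPLE), ("constructed plain", PLAIN_SAMPLE)):
        print(f"{name}: packed={is_upx_packed(blob)} {upx_indicators(blob)}")
```

On the real file, a positive result means `upx -d` should yield the unpacked binary, in which the pool hostname and config path become visible as plain strings. A negative result is not conclusive: packers derived from UPX routinely overwrite the magic and banner, so treat "no marker" as "not stock UPX" rather than "not packed".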

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-23 14:05

Reported

2024-08-23 14:07

Platform

ubuntu2404-amd64-20240523-en

Max time kernel

149s

Max time network

131s

Command Line

[/tmp/sus.txt]

Signatures

xmrig

miner xmrig
No indicator details recorded.

XMRig Miner payload

miner
Two matches recorded; no indicator, process or target details.

Executes dropped EXE

Description Indicator Process Target
N/A /usr/share/netplan/netplan_cli/__pycache__/apache2 /usr/share/netplan/netplan_cli/__pycache__/apache2 N/A
N/A /usr/include/sound/intel/avs/apache2 /usr/include/sound/intel/avs/apache2 N/A
N/A /usr/include/sound/intel/avs/apache2 /usr/include/sound/intel/avs/apache2 N/A

Runs EXE from memory

Description Indicator Process Target
N/A /proc/2844/fd/10 /proc/2844/fd/10 N/A
N/A /proc/2874/fd/4 /proc/2874/fd/4 N/A

UPX packed file

upx
Two matches recorded; no indicator, process or target details.

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 208.67.222.222 N/A N/A
Destination IP 208.67.222.222 N/A N/A

208.67.222.222 is OpenDNS's public resolver. Every other lookup in the trace went to 8.8.8.8 or 1.1.1.1; the two queries sent here resolved mine.c3pool.com (see Network), so the sample appears to use a resolver address of its own rather than the host's.

Checks hardware identifiers (DMI)

antivm
Caveat: XMRig's embedded hwloc topology discovery reads exactly this set of /sys/devices/virtual/dmi/id files, together with the CPU cache, topology, NUMA and hugepage files listed under the next three signatures, for thread placement and hugepage setup. These reads are therefore expected from the miner itself and, on their own, are weak evidence of a sandbox check.
Description Indicator Process Target
File opened for reading /sys/devices/virtual/dmi/id/product_name /proc/2874/fd/4 N/A
File opened for reading /sys/devices/virtual/dmi/id/board_vendor /proc/2874/fd/4 N/A
File opened for reading /sys/devices/virtual/dmi/id/bios_vendor /proc/2874/fd/4 N/A
File opened for reading /sys/devices/virtual/dmi/id/sys_vendor /proc/2874/fd/4 N/A
File opened for reading /sys/devices/virtual/dmi/id/product_name /proc/2844/fd/10 N/A
File opened for reading /sys/devices/virtual/dmi/id/board_vendor /proc/2844/fd/10 N/A
File opened for reading /sys/devices/virtual/dmi/id/bios_vendor /proc/2844/fd/10 N/A
File opened for reading /sys/devices/virtual/dmi/id/sys_vendor /proc/2844/fd/10 N/A

Enumerates running processes

Reads hardware information

Description Indicator Process Target
File opened for reading /sys/devices/virtual/dmi/id/chassis_serial /proc/2874/fd/4 N/A
File opened for reading /sys/devices/virtual/dmi/id/product_serial /proc/2844/fd/10 N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_vendor /proc/2844/fd/10 N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_asset_tag /proc/2874/fd/4 N/A
File opened for reading /sys/devices/virtual/dmi/id/bios_version /proc/2874/fd/4 N/A
File opened for reading /sys/devices/virtual/dmi/id/bios_date /proc/2844/fd/10 N/A
File opened for reading /sys/devices/virtual/dmi/id/board_name /proc/2874/fd/4 N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_asset_tag /proc/2844/fd/10 N/A
File opened for reading /sys/devices/virtual/dmi/id/bios_version /proc/2844/fd/10 N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_vendor /proc/2874/fd/4 N/A
File opened for reading /sys/devices/virtual/dmi/id/product_version /proc/2844/fd/10 N/A
File opened for reading /sys/devices/virtual/dmi/id/board_serial /proc/2844/fd/10 N/A
File opened for reading /sys/devices/virtual/dmi/id/board_version /proc/2844/fd/10 N/A
File opened for reading /sys/devices/virtual/dmi/id/product_version /proc/2874/fd/4 N/A
File opened for reading /sys/devices/virtual/dmi/id/board_version /proc/2874/fd/4 N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_version /proc/2844/fd/10 N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_serial /proc/2844/fd/10 N/A
File opened for reading /sys/devices/virtual/dmi/id/product_serial /proc/2874/fd/4 N/A
File opened for reading /sys/devices/virtual/dmi/id/board_name /proc/2844/fd/10 N/A
File opened for reading /sys/devices/virtual/dmi/id/board_asset_tag /proc/2844/fd/10 N/A
File opened for reading /sys/devices/virtual/dmi/id/product_uuid /proc/2874/fd/4 N/A
File opened for reading /sys/devices/virtual/dmi/id/bios_date /proc/2874/fd/4 N/A
File opened for reading /sys/devices/virtual/dmi/id/product_uuid /proc/2844/fd/10 N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_type /proc/2844/fd/10 N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_type /proc/2874/fd/4 N/A
File opened for reading /sys/devices/virtual/dmi/id/chassis_version /proc/2874/fd/4 N/A
File opened for reading /sys/devices/virtual/dmi/id/board_serial /proc/2874/fd/4 N/A
File opened for reading /sys/devices/virtual/dmi/id/board_asset_tag /proc/2874/fd/4 N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /tmp/sus.txt N/A
File opened for reading /proc/cpuinfo /proc/2844/fd/10 N/A
File opened for reading /proc/cpuinfo /proc/2874/fd/4 N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/physical_line_partition /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/type /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index7/shared_cpu_map /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/level /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/core_cpus /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/level /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/number_of_sets /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/cluster_cpus /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/shared_cpu_map /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/coherency_line_size /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/number_of_sets /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index8/shared_cpu_map /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/package_cpus /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/id /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/package_cpus /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/type /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/type /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/size /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/coherency_line_size /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/size /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/physical_line_partition /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index7/shared_cpu_map /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index4/shared_cpu_map /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/id /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/level /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/shared_cpu_map /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/physical_line_partition /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/type /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/base_frequency /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/type /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/level /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/physical_line_partition /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index9/shared_cpu_map /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/shared_cpu_map /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/online /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index4/shared_cpu_map /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index6/shared_cpu_map /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/type /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index6/shared_cpu_map /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/possible /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/die_cpus /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/level /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/coherency_line_size /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/coherency_line_size /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/number_of_sets /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/physical_line_partition /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/core_cpus /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/core_id /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/coherency_line_size /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/physical_line_partition /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/shared_cpu_map /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index5/shared_cpu_map /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/level /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/cpu0/topology/physical_package_id /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/number_of_sets /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/type /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/id /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index1/shared_cpu_map /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/id /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/size /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/id /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/size /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index0/size /proc/2874/fd/4 N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size /tmp/sus.txt N/A
File opened for reading /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators/write_latency /proc/2874/fd/4 N/A
File opened for reading /sys/devices/virtual/block/loop6/loop/autoclear /usr/bin/mount N/A
File opened for reading /sys/devices/virtual/block/loop2/loop/autoclear /usr/bin/mount N/A
File opened for reading /sys/devices/cpu_core/cpus /proc/2844/fd/10 N/A
File opened for reading /sys/devices/virtual/block/loop4/loop/backing_file /usr/bin/mount N/A
File opened for reading /sys/devices/system/node/node0/hugepages/hugepages-2048kB/free_hugepages /proc/2844/fd/10 N/A
File opened for reading /sys/devices/cpu_atom/cpus /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/node/node0/cpumap /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/node/node0/meminfo /proc/2874/fd/4 N/A
File opened for reading /sys/devices/virtual/block/loop1/loop/autoclear /usr/bin/mount N/A
File opened for reading /sys/devices/virtual/block/loop3/loop/backing_file /usr/bin/mount N/A
File opened for reading /sys/fs/cgroup/cgroup.controllers /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/node/online /proc/2874/fd/4 N/A
File opened for reading /sys/bus/dax/devices /proc/2874/fd/4 N/A
File opened for reading /sys/firmware/dmi/tables/smbios_entry_point /proc/2874/fd/4 N/A
File opened for reading /sys/devices/virtual/block/loop3/loop/backing_file /usr/bin/mount N/A
File opened for reading /sys/devices/system/node/node0/meminfo /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators/write_bandwidth /proc/2844/fd/10 N/A
File opened for reading /sys/kernel/mm/hugepages /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/node/node0/hugepages/hugepages-1048576kB/nr_hugepages /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/node/node0/hugepages /proc/2844/fd/10 N/A
File opened for reading /sys/firmware/dmi/tables/smbios_entry_point /proc/2844/fd/10 N/A
File opened for reading /sys/devices/cpu_core/cpus /proc/2874/fd/4 N/A
File opened for reading /sys/dev/block/7:0 /usr/bin/mount N/A
File opened for reading /sys/dev/block/7:3 /usr/bin/mount N/A
File opened for reading /sys/devices/virtual/block/loop5/loop/autoclear /usr/bin/mount N/A
File opened for reading /sys/firmware/dmi/tables/DMI /proc/2874/fd/4 N/A
File opened for reading /sys/devices/cpu_atom/cpus /proc/2844/fd/10 N/A
File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size /usr/include/sound/intel/avs/apache2 N/A
File opened for reading /sys/devices/virtual/block/loop6/loop/backing_file /usr/bin/mount N/A
File opened for reading /sys/fs/cgroup/cpuset.mems.effective /proc/2844/fd/10 N/A
File opened for reading /sys/devices/virtual/block/loop4/loop/backing_file /usr/bin/mount N/A
File opened for reading /sys/block/dm-0/dm/name /usr/bin/mount N/A
File opened for reading /sys/dev/block/7:0 /usr/bin/mount N/A
File opened for reading /sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/node/node0/hugepages/hugepages-2048kB/free_hugepages /proc/2874/fd/4 N/A
File opened for reading /sys/dev/block/7:1 /usr/bin/mount N/A
File opened for reading /sys/devices/virtual/block/loop2/loop/backing_file /usr/bin/mount N/A
File opened for reading /sys/dev/block/7:6 /usr/bin/mount N/A
File opened for reading /sys/devices/system/cpu /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators /proc/2874/fd/4 N/A
File opened for reading /sys/devices/virtual/block/loop4/loop/autoclear /usr/bin/mount N/A
File opened for reading /sys/dev/block/7:5 /usr/bin/mount N/A
File opened for reading /sys/devices/system/node/node0/hugepages/hugepages-1048576kB/nr_hugepages /proc/2844/fd/10 N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators/read_latency /proc/2874/fd/4 N/A
File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size /tmp/sus.txt N/A
File opened for reading /sys/bus/soc/devices /proc/2844/fd/10 N/A
File opened for reading /sys/fs/cgroup/cpuset.cpus.effective /proc/2874/fd/4 N/A
File opened for reading /sys/dev/block/7:2 /usr/bin/mount N/A
File opened for reading /sys/firmware/dmi/tables/DMI /proc/2844/fd/10 N/A
File opened for reading /sys/fs/cgroup/cpuset.mems.effective /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/node/node0/hugepages/hugepages-2048kB/nr_hugepages /proc/2874/fd/4 N/A
File opened for reading /sys/devices/virtual/block/loop2/loop/backing_file /usr/bin/mount N/A
File opened for reading /sys/dev/block/7:3 /usr/bin/mount N/A
File opened for reading /sys/dev/block/7:5 /usr/bin/mount N/A
File opened for reading /sys/devices/virtual/block/loop5/loop/backing_file /usr/bin/mount N/A
File opened for reading /sys/kernel/mm/hugepages /proc/2844/fd/10 N/A
File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size /usr/include/sound/intel/avs/apache2 N/A
File opened for reading /sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/node/node0/access0/initiators/write_bandwidth /proc/2874/fd/4 N/A
File opened for reading /sys/devices/system/node/node0/hugepages /proc/2874/fd/4 N/A

Reads runtime system information

The entries for /tmp/sus.txt and the dropped apache2 walk /proc/<pid> and /proc/<pid>/cmdline, i.e. they enumerate running processes (the activity behind the Enumerates running processes signature above). The /usr/bin/mount reads of /proc/filesystems here, and of the loop-device sysfs nodes under the previous signature, are consistent with mount(8)'s normal behaviour.
Description Indicator Process Target
File opened for reading /proc/pressure /tmp/sus.txt N/A
File opened for reading /proc/2553 /tmp/sus.txt N/A
File opened for reading /proc/2138/cmdline /usr/include/sound/intel/avs/apache2 N/A
File opened for reading /proc/2035 /tmp/sus.txt N/A
File opened for reading /proc/508 /tmp/sus.txt N/A
File opened for reading /proc/19 /tmp/sus.txt N/A
File opened for reading /proc/364 /tmp/sus.txt N/A
File opened for reading /proc/71 /tmp/sus.txt N/A
File opened for reading /proc/2277/cmdline /tmp/sus.txt N/A
File opened for reading /proc/791/cmdline /usr/include/sound/intel/avs/apache2 N/A
File opened for reading /proc/2497/cmdline /tmp/sus.txt N/A
File opened for reading /proc/2462 /tmp/sus.txt N/A
File opened for reading /proc/2630 /tmp/sus.txt N/A
File opened for reading /proc/33 /tmp/sus.txt N/A
File opened for reading /proc/234/cmdline /tmp/sus.txt N/A
File opened for reading /proc/37/cmdline /tmp/sus.txt N/A
File opened for reading /proc/195/cmdline /usr/include/sound/intel/avs/apache2 N/A
File opened for reading /proc/51 /tmp/sus.txt N/A
File opened for reading /proc/2211/cmdline /tmp/sus.txt N/A
File opened for reading /proc/2491/cmdline /tmp/sus.txt N/A
File opened for reading /proc/508/cmdline /tmp/sus.txt N/A
File opened for reading /proc/filesystems /usr/bin/mount N/A
File opened for reading /proc/driver/nvidia/gpus /proc/2844/fd/10 N/A
File opened for reading /proc/151/cmdline /tmp/sus.txt N/A
File opened for reading /proc/456/cmdline /tmp/sus.txt N/A
File opened for reading /proc/53/cmdline /usr/include/sound/intel/avs/apache2 N/A
File opened for reading /proc/188/cmdline /tmp/sus.txt N/A
File opened for reading /proc/188 /tmp/sus.txt N/A
File opened for reading /proc/2348/cmdline /usr/include/sound/intel/avs/apache2 N/A
File opened for reading /proc/580 /tmp/sus.txt N/A
File opened for reading /proc/833 /tmp/sus.txt N/A
File opened for reading /proc/15/cmdline /tmp/sus.txt N/A
File opened for reading /proc/2573/cmdline /tmp/sus.txt N/A
File opened for reading /proc/41/cmdline /tmp/sus.txt N/A
File opened for reading /proc/2015/cmdline /usr/include/sound/intel/avs/apache2 N/A
File opened for reading /proc/2658 /tmp/sus.txt N/A
File opened for reading /proc/2322/cmdline /tmp/sus.txt N/A
File opened for reading /proc/199 /tmp/sus.txt N/A
File opened for reading /proc/17/cmdline /tmp/sus.txt N/A
File opened for reading /proc/2565/cmdline /tmp/sus.txt N/A
File opened for reading /proc/1069/cmdline /usr/include/sound/intel/avs/apache2 N/A
File opened for reading /proc/11/cmdline /usr/include/sound/intel/avs/apache2 N/A
File opened for reading /proc/456/cmdline /usr/include/sound/intel/avs/apache2 N/A
File opened for reading /proc/2334 /tmp/sus.txt N/A
File opened for reading /proc/2767 /tmp/sus.txt N/A
File opened for reading /proc/438 /tmp/sus.txt N/A
File opened for reading /proc/198/cmdline /tmp/sus.txt N/A
File opened for reading /proc/80/cmdline /tmp/sus.txt N/A
File opened for reading /proc/364/cmdline /usr/include/sound/intel/avs/apache2 N/A
File opened for reading /proc/2616 /tmp/sus.txt N/A
File opened for reading /proc/37 /tmp/sus.txt N/A
File opened for reading /proc/2491 /tmp/sus.txt N/A
File opened for reading /proc/2187/cmdline /tmp/sus.txt N/A
File opened for reading /proc/36/cmdline /tmp/sus.txt N/A
File opened for reading /proc/9 /tmp/sus.txt N/A
File opened for reading /proc/64 /tmp/sus.txt N/A
File opened for reading /proc/2015 /tmp/sus.txt N/A
File opened for reading /proc/792 /tmp/sus.txt N/A
File opened for reading /proc/1343/cmdline /tmp/sus.txt N/A
File opened for reading /proc/2491/cmdline /tmp/sus.txt N/A
File opened for reading /proc/7/cmdline /tmp/sus.txt N/A
File opened for reading /proc/2553/cmdline /usr/include/sound/intel/avs/apache2 N/A
File opened for reading /proc/2630 /tmp/sus.txt N/A
File opened for reading /proc/29/cmdline /tmp/sus.txt N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/.kkk /usr/share/netplan/netplan_cli/__pycache__/apache2 N/A
File opened for modification /tmp/.pp /usr/include/sound/intel/avs/apache2 N/A
File opened for modification /tmp/.ll /usr/include/sound/intel/avs/apache2 N/A
File opened for modification /tmp/.kkk /usr/include/sound/intel/avs/apache2 N/A

Processes

Executable path, then the recorded command line:

/tmp/sus.txt                                          [/tmp/sus.txt]
/tmp/sus.txt                                          [kdev_tfs]
/usr/bin/mount                                        [mount]
/usr/bin/mount                                        [mount]
/usr/bin/bash                                         [bash -c ./apache2]
/usr/share/netplan/netplan_cli/__pycache__/apache2    [./apache2]
/proc/2844/fd/10                                      [./10 -c/tmp/.kkk]
/usr/bin/bash                                         [bash -c ./apache2]
/usr/include/sound/intel/avs/apache2                  [./apache2]
/usr/include/sound/intel/avs/apache2                  [/usr/libexec/goa-identity-seTrice]
/proc/2874/fd/4                                       [./4 -c/tmp/.kkk]

Notes: the second /tmp/sus.txt entry has rewritten its command line to kdev_tfs, a kernel-thread-style name; one apache2 instance presents itself as /usr/libexec/goa-identity-seTrice, a near-miss spelling of GNOME's goa-identity-service helper. Both apache2 binaries sit in directories that never hold executables (a Python __pycache__ directory and a kernel header tree) and then execute the miner through a /proc/<pid>/fd/<n> path, passing -c/tmp/.kkk, XMRig's config-file option. /tmp/.kkk appears twice under Files with different hashes; both apache2 instances open it for modification.
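The rules below are an added example, not the sandbox's signature logic: they take the process list above (transcribed as path and command line, with the report's brackets removed) and flag the four patterns a responder would want to catch on a live host, namely execution through a /proc/<pid>/fd/<n> or memfd path, a daemon name launched from an odd directory, an argv[0] that disagrees with the executable, and a hidden config file in a temp directory handed to -c/--config. The daemon-name list and temp-directory set are assumptions chosen for this page.

```python
"""Triage rules for the execution patterns in this report's process list.

Added example, not part of the sandbox output. PROCESSES is transcribed from
the report's Processes section (executable path, command line); the rules are
ordinary heuristics written for this page, not the sandbox's signature logic.
"""
import os
import re
from typing import Dict, List, Tuple

PROCESSES: List[Tuple[str, str]] = [
    ("/tmp/sus.txt", "/tmp/sus.txt"),
    ("/tmp/sus.txt", "kdev_tfs"),
    ("/usr/bin/mount", "mount"),
    ("/usr/bin/mount", "mount"),
    ("/usr/bin/bash", "bash -c ./apache2"),
    ("/usr/share/netplan/netplan_cli/__pycache__/apache2", "./apache2"),
    ("/proc/2844/fd/10", "./10 -c/tmp/.kkk"),
    ("/usr/bin/bash", "bash -c ./apache2"),
    ("/usr/include/sound/intel/avs/apache2", "./apache2"),
    ("/usr/include/sound/intel/avs/apache2", "/usr/libexec/goa-identity-seTrice"),
    ("/proc/2874/fd/4", "./4 -c/tmp/.kkk"),
]

FD_EXEC = re.compile(r"^/proc/\d+/fd/\d+$")
# XMRig takes its JSON config via -c/--config; a dotfile in a temp dir is the tell here.
HIDDEN_TMP_CONFIG = re.compile(r"(?:^|\s)(?:-c|--config[= ]?)\s*((?:/tmp|/var/tmp|/dev/shm)/\.\S+)")
WORLD_WRITABLE = ("/tmp/", "/var/tmp/", "/dev/shm/")
SYSTEM_BIN_DIRS = {"/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/local/bin", "/usr/local/sbin"}
# Service names commonly borrowed by miner processes (assumption: a small starter list).
BORROWED_DAEMON_NAMES = {"apache2", "httpd", "nginx", "sshd", "cron"}


def triage_process(exe: str, cmdline: str) -> List[str]:
    """Return human-readable findings for one (exe, cmdline) pair; empty means nothing odd."""
    findings: List[str] = []
    base = os.path.basename(exe)
    argv = cmdline.split()
    argv0 = argv[0] if argv else ""
    if FD_EXEC.match(exe) or "memfd:" in exe:
        findings.append("executed through an open file descriptor, not a normal on-disk path")
    if exe.startswith(WORLD_WRITABLE):
        findings.append("executable lives in a world-writable directory")
    if base in BORROWED_DAEMON_NAMES and os.path.dirname(exe) not in SYSTEM_BIN_DIRS:
        findings.append(f"daemon name {base!r} launched from an unusual directory")
    if argv0 and os.path.basename(argv0) != base:
        findings.append(f"argv[0] {argv0!r} does not match executable {base!r} (name spoofing)")
    m = HIDDEN_TMP_CONFIG.search(cmdline)
    if m:
        findings.append(f"config loaded from hidden temp file {m.group(1)}")
    return findings


def triage_all(procs: List[Tuple[str, str]] = PROCESSES) -> Dict[int, List[str]]:
    """Index in procs -> findings, for every process that tripped at least one rule."""
    flagged: Dict[int, List[str]] = {}
    for i, (exe, cmd) in enumerate(procs):
        findings = triage_process(exe, cmd)
        if findings:
            flagged[i] = findings
    return flagged


if __name__ == "__main__":
    for i, findings in triage_all().items():
        exe, cmd = PROCESSES[i]
        print(f"{exe} [{cmd}]")
        for f in findings:
            print(f"    - {f}")
```

On a live system the same rules apply to `readlink /proc/<pid>/exe` and the NUL-separated `/proc/<pid>/cmdline`; a payload started through a descriptor shows up there with an exe link pointing at a memfd: name or a deleted file rather than the /proc/<pid>/fd/<n> form the sandbox recorded. The two mount and two bash entries pass every rule, which is the point: the rules key on the sample's behaviour, not on the benign helpers it spawned.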

Network

Country  Destination            Domain                          Proto
N/A      224.0.0.251:5353       -                               udp
US       8.8.8.8:53             api.github.com                  udp
US       8.8.8.8:53             api.github.com                  udp
US       1.1.1.1:53             api.github.com                  udp
GB       20.26.156.210:443      api.github.com                  tcp
US       1.1.1.1:53             github.com                      udp
US       1.1.1.1:53             github.com                      udp
GB       20.26.156.215:443      github.com                      tcp
US       1.1.1.1:53             objects.githubusercontent.com   udp
US       1.1.1.1:53             objects.githubusercontent.com   udp
US       185.199.110.133:443    objects.githubusercontent.com   tcp
US       208.67.222.222:53      mine.c3pool.com                 udp
US       1.1.1.1:53             api.github.com                  udp
US       1.1.1.1:53             api.github.com                  udp
GB       20.26.156.210:443      api.github.com                  tcp
US       1.1.1.1:53             github.com                      udp
GB       20.26.156.215:443      github.com                      tcp
US       1.1.1.1:53             objects.githubusercontent.com   udp
US       185.199.110.133:443    objects.githubusercontent.com   tcp
US       208.67.222.222:53      mine.c3pool.com                 udp

224.0.0.251:5353 is the mDNS multicast group, ordinary background traffic on the analysis VM. The GitHub connections (api.github.com, github.com and objects.githubusercontent.com over 443) precede the dropped apache2 binaries; the only non-GitHub name resolved is the Monero pool mine.c3pool.com, and it is the only lookup not sent to 8.8.8.8 or 1.1.1.1. No TCP connection to the pool appears within the 131 s network window.
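The detection logic below is an added example, not part of the report: it parses the Network table above (transcribed verbatim, including the domain-less mDNS row), skips multicast noise, and raises a finding for any DNS query sent to a resolver other than the two used by the rest of the trace and for any resolved name under a known mining-pool domain. The resolver allow-list and the pool-domain list are assumptions written for this page; since the trace shows no TCP connection to the pool, the example covers only the DNS side.

```python
"""Classify the connections in this report's Network table.

Added example, not part of the sandbox output. NETWORK_TABLE is transcribed
from the report; EXPECTED_RESOLVERS and POOL_DOMAINS are assumptions made for
this page (the VM's apparent resolvers, and a starter list of public pools).
"""
import ipaddress
from typing import Any, Dict, List, Optional, Set, Tuple

NETWORK_TABLE = """\
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
US 1.1.1.1:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 1.1.1.1:53 github.com udp
US 1.1.1.1:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 1.1.1.1:53 objects.githubusercontent.com udp
US 1.1.1.1:53 objects.githubusercontent.com udp
US 185.199.110.133:443 objects.githubusercontent.com tcp
US 208.67.222.222:53 mine.c3pool.com udp
US 1.1.1.1:53 api.github.com udp
US 1.1.1.1:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 1.1.1.1:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 1.1.1.1:53 objects.githubusercontent.com udp
US 185.199.110.133:443 objects.githubusercontent.com tcp
US 208.67.222.222:53 mine.c3pool.com udp
"""

# Every lookup in the trace except the pool lookup used one of these (assumption: the VM's resolvers).
EXPECTED_RESOLVERS: Set[str] = {"8.8.8.8", "1.1.1.1"}
# Starter list of public Monero pool domains; extend it from your own intel.
POOL_DOMAINS: Set[str] = {"c3pool.com", "supportxmr.com", "nanopool.org", "hashvault.pro"}

Row = Dict[str, Any]


def parse_rows(text: str) -> List[Row]:
    """Parse 'Country Destination [Domain] Proto' lines; the mDNS row has no domain column."""
    rows: List[Row] = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        domain: Optional[str]
        if len(parts) == 3:
            country, dest, proto = parts
            domain = None
        elif len(parts) == 4:
            country, dest, domain, proto = parts
        else:
            raise ValueError(f"unexpected row: {line!r}")
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port), "domain": domain, "proto": proto})
    return rows


def is_pool_domain(domain: Optional[str]) -> bool:
    """True if the name or any parent of it is a listed pool domain."""
    if not domain:
        return False
    labels = domain.lower().split(".")
    return any(".".join(labels[i:]) in POOL_DOMAINS for i in range(len(labels)))


def analyze(rows: List[Row]) -> List[str]:
    """One finding per suspicious row; multicast background traffic is skipped."""
    findings: List[str] = []
    for r in rows:
        if ipaddress.ip_address(r["ip"]).is_multicast:
            continue                                  # e.g. 224.0.0.251:5353, mDNS
        if r["proto"] == "udp" and r["port"] == 53 and r["ip"] not in EXPECTED_RESOLVERS:
            findings.append(f"DNS to unexpected resolver {r['ip']} for {r['domain']}")
        if is_pool_domain(r["domain"]):
            findings.append(f"mining pool domain {r['domain']} via {r['ip']}:{r['port']}/{r['proto']}")
    return findings


def unique_destinations(rows: List[Row]) -> Set[Tuple[str, int, Optional[str]]]:
    """Collapse the repeated rows to distinct (ip, port, domain) triples."""
    return {(r["ip"], r["port"], r["domain"]) for r in rows}


if __name__ == "__main__":
    parsed = parse_rows(NETWORK_TABLE)
    print(f"{len(parsed)} rows, {len(unique_destinations(parsed))} distinct destinations")
    for finding in analyze(parsed):
        print(" -", finding)
```

The resolver rule is the more durable of the two: pool hostnames change, but a process that carries its own resolver address stands out on any host whose egress policy pins DNS to a known set of servers, and that is also the control that would have blocked this lookup outright.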

Files

memory/2830-1-0x0000000000400000-0x0000000001385d18-memory.dmp

/var/tmp/systemd-private-cPScUvjOx3qpNfGdVXDitop9UKyJDl4g-ModemManager.service-IYNQpD

MD5 4e563c55f6f4d1b34241bb756e6ad59c
SHA1 c95bd09a2463a7786892b647f3bd8f55f08f24bc
SHA256 abdd3ab96772e81397cf4c909af1bbe7cd07531f7f49e5f4c4c56e3b353ec4db
SHA512 4fe91963fb1ae1cae15af2ab6113fe56aec345315e9b72e303d48a67bfa145bb52f6491cef4e7e38aa68720dad32cc7230283aefed866d84d5cc4d3a55fbf633

/var/tmp/systemd-private-Zn1pX98sIA6UypDhjHVpsU4szxzpT8ct-ModemManager.service-U9mnmc

MD5 6775a0635c302542da2c32aa19d86be0
SHA1 1840914967dc0c2863a4ea68a2c13f044bc115a6
SHA256 dfaab096bd21200516e6780b2dd4c5dbff2f8f1172b9dfc3741331d2fe6af997
SHA512 1ae9e5d1f881c63c4bdd8b391256961b4922c5e0f8aff54ad246486096c9d65809e6a1634acd26ec42b91b9d5db1ea52ed814d3029fe307b3b8fd5cfcaa03bf1

memory/2835-2-0x0000000000400000-0x0000000001385d18-memory.dmp

/usr/share/netplan/netplan_cli/__pycache__/apache2

MD5 2bec6ef2881caac7d1bb4b2c57c4773f
SHA1 2ee6359c2983751bbe82f3f466f4a6f055f48d95
SHA256 e85169d1faa3926b29e82b9799bc96dd6144adef421312e94d24668cf82e44d1
SHA512 f2c0ded44febdf0019ea0dabce42b496ae58c283f936c7503bca0410efa18aa2410c1670cdb7026461a1ba168693fad21fd2571e817b53df91458d3b8fc11421

memory/2844-3-0x0000000000400000-0x0000000000f399f8-memory.dmp

/tmp/.kkk

MD5 70ad4e6f1089d13e412a9f7046cc51fc
SHA1 83920f222e58c1dd9e83d8b77e59262dce8c41e4
SHA256 c877649ee42669d9e65222265e8fa6ed6020a0eeeb96760406921e8b7c08a055
SHA512 bd9d71cf6181bdc388bcc4885cd84a6d7f76607cdb52280db1dacfee92a564e96d249f36e4337c284905771a22ad276fd926d6f56b49518bae359f6a09f38e94

/proc/2844/fd/10

MD5 0f0adb77cf679daf2d49e341fbfd7460
SHA1 8e42b566c1a60737b12ee752a285e3cf5fdb7050
SHA256 7d09b48bfcd06abcca521ff32ce5b7a7e05865a7b6cf2d655fad690e6d896915
SHA512 2b244e2d64cb5e844d883d328a324e9bc9612548232c820d4f246ef335363307a16262c424bec507d82f9ac613144b500ca55738d7ee6411bef73bc730ca53ba

memory/2848-4-0x0000000000400000-0x0000000000cbed38-memory.dmp

memory/2870-5-0x0000000000400000-0x0000000000f399f8-memory.dmp

/tmp/.ll

MD5 55f7dad946353d3658e52e334413d3b4
SHA1 cb93c8ff972bbc512ec469e8a5c9adc7e252c858
SHA256 52cab02b56ed3baa70bdf95ab6641740959f8fba74d7975e1f70a8ba333ab9f4
SHA512 960d61a2d7fcc21398e6e4d3b89b9dd8021f5ae1ed498fd13a853b0c3dcf1e7c659c7709860da80b2a48ca7a0a49237719c6dd97d12c01521d62b8029cfe79ac

/tmp/.pp

MD5 e6af401c28c1790eaef7d55c92ab6ab6
SHA1 00204e1a5b3b38239885d598ee136dc54e3b6bba
SHA256 25f2044c9fa1f3e56e58318f7c675baee722466f25e3694420997ec8984448da
SHA512 c597ee19fb20d446a24418784bef95af89805acdee2ffadce5069be3225f18518d1225a694cf60209f2f76ebad3be9130fd8793e0b7d969fbef347d1c70da636

memory/2874-6-0x0000000000400000-0x0000000000f399f8-memory.dmp

/tmp/.kkk

MD5 7b558e4b1d263c610a08a0859e59c18b
SHA1 10407b20e2544da1eaa68ac84a53d6ad1315feb1
SHA256 3ec57124a8811a8163e2fe007ec92adea9f1e8532c0658165878a48fa808b257
SHA512 b8470acd20055b32e48d96eb1d929dcd0b947468b4c8f0e0723812fe83570dd8cbd8fbe65c8fb2d2571304438e484eca6078ec41d338f43f4897eb2d93e9d29f

memory/2878-7-0x0000000000400000-0x0000000000cbed38-memory.dmp