Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

update

ubuntu-18.04-amd64

6

update

ubuntu-20.04-amd64

6

update

ubuntu-22.04-amd64

6

update

ubuntu-24.04-amd64

6

Resubmissions

30/08/2024, 17:56

240830-wjcyesxaqb 6

26/07/2024, 05:52

240726-gk582atbng 6

Analysis

  • max time kernel
    113s
  • max time network
    131s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240729-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2204-amd64-20240729-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
  • submitted
    30/08/2024, 17:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    update

  • Size

    6.8MB

  • MD5

    3a0f42a9d7e2c201171a7b95d0cda37e

  • SHA1

    c51aecf6b08957c4bc090c64952789f0836578bd

  • SHA256

    90adac72b6038472083e3e2ff8ab8a41eb624c5dc5b0dce58653d94d6c8b4da9

  • SHA512

    647d7f0ca0b6104e9c4e84b25f3e9db5b6055730ddff2dddcb7b57c1fcc6f309c52587119c54890884315cda52a55813bf9344011fa3292b7fd84fe41d7ee87e

  • SSDEEP

    49152:3Hse9N5/ayL0S2Sw10GDeVYjCDeQ0h+VCM8vzG+6X05cUJCS5DrEMDrE6yoXWw4H:3HbYem+6hM8vzQ48SJrE2IUKjg

Score
6/10
antivmevasion

Malware Config

Signatures

  • Checks mountinfo of local process 1 TTPs 1 IoCs

    Checks mountinfo of running processes which indicate if it is running in chroot jail.

    antivm
  • Reads hardware information 1 TTPs 1 IoCs

    Accesses system info like serial numbers, manufacturer names etc.

  • Reads list of loaded kernel modules 1 TTPs 1 IoCs

    Reads the list of currently loaded kernel modules, possibly to detect virtual environments.

    evasion
  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

    antivm
  • Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 9 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to shm directory 1 IoCs

    Malware can drop malicious files in the shm directory which will run directly from RAM.

Processes

  • /tmp/update
    /tmp/update
    1⤵
    • Checks mountinfo of local process
    • Reads hardware information
    • Reads list of loaded kernel modules
    • Checks CPU configuration
    • Enumerates kernel/hardware configuration
    • Reads runtime system information
    • Writes file to shm directory
    PID:1564

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /dev/shm/.shm2z9QBZ
    Filesize

    7.8MB

    MD5

    0cc445a80a3a1156192fc079d575428f

    SHA1

    8a403a154a5835296cf812cdbbab50c445e9758d

    SHA256

    20f09959706797b81b2a4de627c01d0c0d890d142954d455a0e50f7811bdc951

    SHA512

    1eb6cce112630cc62379bacad791c41b383fa318a90ffeef40419d1029d444fa1a7763908926e909b1fc1c52822511ba155ff3ab23c9f362bdb68670fbf3c4d0

    Download Submit