6a955c1c8cf439187b32439f76bc55ad96e9586a2cf6c251d4c8755a5672f9f6

Analysis

max time kernel
0s
max time network
132s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240611-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
01-09-2024 20:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

smartsynchronize/bin/remove-menuitem.sh
Size

1KB
MD5

e76dfdc72d6e02b756cda49d0cbfdee2
SHA1

c27f90b9d5f6eae0fb37f0ca4625052e55e9adf8
SHA256

e61650db4396f6aade2752909d2aec2697aba46e12b85be3d27d60eb9dcd564c
SHA512

631e488012833935e0b5ef112be4f98dc86155c8933283ac33b1c91b68dcafd70032e6eb3824647bbd78bfd0b0c00d507403ca903a6cafa020ef63280fb17f19

Score

3^/10

Malware Config

Signatures

Reads runtime system information 27 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	gtk-update-icon-cache
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	gtk-update-icon-cache
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	gtk-update-icon-cache
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	gtk-update-icon-cache

/tmp/smartsynchronize/bin/remove-menuitem.sh
/tmp/smartsynchronize/bin/remove-menuitem.sh
1⤵
PID:1481
- /usr/bin/xdg-desktop-menu
  xdg-desktop-menu uninstall syntevo-smartsynchronize.desktop
  2⤵
  PID:1482
- - /usr/bin/whoami
    whoami
    3⤵
    PID:1483
- - /bin/sed
    sed "s/:/ /g"
    3⤵
    - Reads runtime system information
    PID:1486
- - /bin/sed
    sed "s/:/ /g"
    3⤵
    - Reads runtime system information
    PID:1489
- - /usr/bin/cut
    cut -d : -f 1
    3⤵
    PID:1492
- - /usr/bin/cut
    cut -d : -f 2
    3⤵
    PID:1495
- - /usr/bin/basename
    basename syntevo-smartsynchronize.desktop
    3⤵
    PID:1496
- - /bin/rm
    rm -f /usr/share//applications/syntevo-smartsynchronize.desktop
    3⤵
    PID:1497
- - /bin/sed
    sed "s/:/ /g"
    3⤵
    - Reads runtime system information
    PID:1500
- - /usr/bin/update-desktop-database
    /usr/bin/update-desktop-database
    3⤵
    PID:1501
- /usr/bin/xdg-icon-resource
  xdg-icon-resource uninstall --size 32 "syntevo-smartsynchronize-@ICON_HASH@"
  2⤵
  PID:1502
- - /bin/grep
    grep "[^0-9]"
    3⤵
    PID:1504
- - /usr/bin/whoami
    whoami
    3⤵
    PID:1505
- - /bin/sed
    sed "s/:/ /g"
    3⤵
    - Reads runtime system information
    PID:1508
- - /bin/readlink
    readlink -f /usr/share//icons
    3⤵
    PID:1509
- - /bin/sed
    sed "s/:/ /g"
    3⤵
    - Reads runtime system information
    PID:1512
- - /bin/sed
    sed "s/\\.[a-z][a-z][a-z]\$//"
    3⤵
    - Reads runtime system information
    PID:1515
- - /usr/bin/basename
    basename "syntevo-smartsynchronize-@ICON_HASH@"
    3⤵
    PID:1514
- - /bin/sed
    sed "s/\\.[a-z][a-z][a-z]\$/.icon/"
    3⤵
    - Reads runtime system information
    PID:1518
- - /bin/rm
    rm -f "/usr/share//icons/hicolor/32x32/apps/syntevo-smartsynchronize-@[email protected]" "/usr/share//icons/hicolor/32x32/apps/syntevo-smartsynchronize-@[email protected]"
    3⤵
    PID:1519
- - /bin/rm
    rm -f "/usr/share//icons/hicolor/32x32/apps/syntevo-smartsynchronize-@[email protected]"
    3⤵
    PID:1520
- - /usr/bin/touch
    touch /usr/share//icons/hicolor/.xdg-icon-resource-dummy
    3⤵
    PID:1521
- - /bin/rm
    rm -f /usr/share//icons/hicolor/.xdg-icon-resource-dummy
    3⤵
    PID:1522
- - /bin/sed
    sed "s/:/ /g"
    3⤵
    - Reads runtime system information
    PID:1525
- - /usr/bin/gtk-update-icon-cache
    /usr/bin/gtk-update-icon-cache -f -t /usr/share//icons/hicolor
    3⤵
    - Reads runtime system information
    PID:1526
- /usr/bin/xdg-icon-resource
  xdg-icon-resource uninstall --size 48 "syntevo-smartsynchronize-@ICON_HASH@"
  2⤵
  PID:1530
- - /bin/grep
    grep "[^0-9]"
    3⤵
    PID:1532
- - /usr/bin/whoami
    whoami
    3⤵
    PID:1533
- - /bin/sed
    sed "s/:/ /g"
    3⤵
    - Reads runtime system information
    PID:1536
- - /bin/readlink
    readlink -f /usr/share//icons
    3⤵
    PID:1537
- - /bin/sed
    sed "s/:/ /g"
    3⤵
    - Reads runtime system information
    PID:1540
- - /bin/sed
    sed "s/\\.[a-z][a-z][a-z]\$//"
    3⤵
    - Reads runtime system information
    PID:1547
- - /usr/bin/basename
    basename "syntevo-smartsynchronize-@ICON_HASH@"
    3⤵
    PID:1546
- - /bin/sed
    sed "s/\\.[a-z][a-z][a-z]\$/.icon/"
    3⤵
    - Reads runtime system information
    PID:1553
- - /bin/rm
    rm -f "/usr/share//icons/hicolor/48x48/apps/syntevo-smartsynchronize-@[email protected]" "/usr/share//icons/hicolor/48x48/apps/syntevo-smartsynchronize-@[email protected]"
    3⤵
    PID:1554
- - /bin/rm
    rm -f "/usr/share//icons/hicolor/48x48/apps/syntevo-smartsynchronize-@[email protected]"
    3⤵
    PID:1555
- - /usr/bin/touch
    touch /usr/share//icons/hicolor/.xdg-icon-resource-dummy
    3⤵
    PID:1556
- - /bin/rm
    rm -f /usr/share//icons/hicolor/.xdg-icon-resource-dummy
    3⤵
    PID:1557
- - /bin/sed
    sed "s/:/ /g"
    3⤵
    - Reads runtime system information
    PID:1560
- - /usr/bin/gtk-update-icon-cache
    /usr/bin/gtk-update-icon-cache -f -t /usr/share//icons/hicolor
    3⤵
    - Reads runtime system information
    PID:1561
- /usr/bin/xdg-icon-resource
  xdg-icon-resource uninstall --size 64 "syntevo-smartsynchronize-@ICON_HASH@"
  2⤵
  PID:1562
- - /bin/grep
    grep "[^0-9]"
    3⤵
    PID:1564
- - /usr/bin/whoami
    whoami
    3⤵
    PID:1565
- - /bin/sed
    sed "s/:/ /g"
    3⤵
    - Reads runtime system information
    PID:1568
- - /bin/readlink
    readlink -f /usr/share//icons
    3⤵
    PID:1569
- - /bin/sed
    sed "s/:/ /g"
    3⤵
    - Reads runtime system information
    PID:1572
- - /bin/sed
    sed "s/\\.[a-z][a-z][a-z]\$//"
    3⤵
    - Reads runtime system information
    PID:1575
- - /usr/bin/basename
    basename "syntevo-smartsynchronize-@ICON_HASH@"
    3⤵
    PID:1574
- - /bin/sed
    sed "s/\\.[a-z][a-z][a-z]\$/.icon/"
    3⤵
    - Reads runtime system information
    PID:1578
- - /bin/rm
    rm -f "/usr/share//icons/hicolor/64x64/apps/syntevo-smartsynchronize-@[email protected]" "/usr/share//icons/hicolor/64x64/apps/syntevo-smartsynchronize-@[email protected]"
    3⤵
    PID:1579
- - /bin/rm
    rm -f "/usr/share//icons/hicolor/64x64/apps/syntevo-smartsynchronize-@[email protected]"
    3⤵
    PID:1580
- - /usr/bin/touch
    touch /usr/share//icons/hicolor/.xdg-icon-resource-dummy
    3⤵
    PID:1581
- - /bin/rm
    rm -f /usr/share//icons/hicolor/.xdg-icon-resource-dummy
    3⤵
    PID:1582
- - /bin/sed
    sed "s/:/ /g"
    3⤵
    - Reads runtime system information
    PID:1586
- - /usr/bin/gtk-update-icon-cache
    /usr/bin/gtk-update-icon-cache -f -t /usr/share//icons/hicolor
    3⤵
    - Reads runtime system information
    PID:1587
- /usr/bin/xdg-icon-resource
  xdg-icon-resource uninstall --size 128 "syntevo-smartsynchronize-@ICON_HASH@"
  2⤵
  PID:1588
- - /bin/grep
    grep "[^0-9]"
    3⤵
    PID:1590
- - /usr/bin/whoami
    whoami
    3⤵
    PID:1591
- - /bin/sed
    sed "s/:/ /g"
    3⤵
    - Reads runtime system information
    PID:1594
- - /bin/readlink
    readlink -f /usr/share//icons
    3⤵
    PID:1595
- - /bin/sed
    sed "s/:/ /g"
    3⤵
    - Reads runtime system information
    PID:1598
- - /bin/sed
    sed "s/\\.[a-z][a-z][a-z]\$//"
    3⤵
    - Reads runtime system information
    PID:1601
- - /usr/bin/basename
    basename "syntevo-smartsynchronize-@ICON_HASH@"
    3⤵
    PID:1600
- - /bin/sed
    sed "s/\\.[a-z][a-z][a-z]\$/.icon/"
    3⤵
    - Reads runtime system information
    PID:1604
- - /bin/rm
    rm -f "/usr/share//icons/hicolor/128x128/apps/syntevo-smartsynchronize-@[email protected]" "/usr/share//icons/hicolor/128x128/apps/syntevo-smartsynchronize-@[email protected]"
    3⤵
    PID:1605
- - /bin/rm
    rm -f "/usr/share//icons/hicolor/128x128/apps/syntevo-smartsynchronize-@[email protected]"
    3⤵
    PID:1606
- - /usr/bin/touch
    touch /usr/share//icons/hicolor/.xdg-icon-resource-dummy
    3⤵
    PID:1607
- - /bin/rm
    rm -f /usr/share//icons/hicolor/.xdg-icon-resource-dummy
    3⤵
    PID:1608
- - /bin/sed
    sed "s/:/ /g"
    3⤵
    - Reads runtime system information
    PID:1611
- - /usr/bin/gtk-update-icon-cache
    /usr/bin/gtk-update-icon-cache -f -t /usr/share//icons/hicolor
    3⤵
    - Reads runtime system information
    PID:1612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/usr/share/applications/.mimeinfo.cache.VON9S2

Filesize
24KB

MD5
076fde864bb9ed2665eabd0d044babc0

SHA1
47111d03ada97075e419b4d992054de2726f124d

SHA256
06c17a40aeaca87da293bb52f73b54168f691fbff71522a5515c85e09222151d

SHA512
b0bf72380617b2db66bc3e30b61cd543a486831292be6c1e05ca40ae63c08bba3a9362b30c05efe7b2b2ee5326b6f7d4731527fbf363d219b541f0c780b0df16

Download Submit
/usr/share/icons/hicolor/.icon-theme.cache

Filesize
18KB

MD5
eea3d6c1b94ddddd24f57a03bddcb872

SHA1
d51c80ff20dcb96db5fa188563906c10ca556b14

SHA256
e14f83d91df3c67a26e9336763bf0569364e6b1ba244548df0abd3a4ecc88d02

SHA512
599bc988b50da2ce2bfc146f5f76100622d5ddc55d8b3c299a57eb3e6a9241270fefaa7f762ed20f0abcae3364f98f468f9c5d3598371fcab04b054b3bb5db70

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads