0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5

Analysis

max time kernel
149s
max time network
143s
platform
debian-9_armhf
resource
debian9-armhf-20240418-en
resource tags

arch:armhfimage:debian9-armhf-20240418-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
13/10/2024, 08:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
Size

126KB
MD5

b72d6eb38b6c9cbbf1a947eaebac7c51
SHA1

867da2fb4c74de9085f62b26620be3036a4987af
SHA256

0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5
SHA512

7e741b718896519af930efc6cc6abfa16e7c782bff794b269117e135d1aacf419b8285139560c4804f4638597bbf7773945b39616d96a004fcb22ab99918fefd
SSDEEP

1536:Jdv+s43G5bUWkURArSh71QAFMxK4VIGUT2yd69O/LsA46nGtplEGwyw1FrR7DVP+:jv+XQ3R0g71QNE43Uqyd69O146GPYbf

Score

6^/10

discovery

Malware Config

Signatures

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	a- M"!	646	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/24/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/28/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/109/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/169/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/277/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/643/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/667/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/674/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/716/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/775/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/41/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/263/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/275/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/600/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/754/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/756/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/768/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/21/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/304/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/652/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/661/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/683/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/750/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/648/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/687/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/729/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/731/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/762/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/16/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/108/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/211/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/666/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/686/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/694/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/699/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/755/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/766/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/767/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/10/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/645/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/656/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/679/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/701/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/745/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/579/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/689/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/702/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/708/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/713/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/718/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/720/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/730/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/743/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/765/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/12/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/18/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/29/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/678/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/707/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/760/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/17/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/670/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/649/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
File opened for reading	/proc/671/cmdline	0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf

/tmp/0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
/tmp/0252a72358fc52c57af6fd1229f41da92fc15f440bb566c09d7764c0c2cefdf5.elf
1⤵
- Changes its process name
- Reads runtime system information
PID:646

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads