Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

platforms/...479.sh

ubuntu-18.04-amd64

3

platforms/...479.sh

debian-9-armhf

3

platforms/...479.sh

debian-9-mips

3

platforms/...479.sh

debian-9-mipsel

3

platforms/...481.sh

ubuntu-18.04-amd64

1

platforms/...481.sh

debian-9-armhf

1

platforms/...481.sh

debian-9-mips

1

platforms/...481.sh

debian-9-mipsel

1

platforms/...232.sh

ubuntu-18.04-amd64

3

platforms/...232.sh

debian-9-armhf

3

platforms/...232.sh

debian-9-mips

3

platforms/...232.sh

debian-9-mipsel

3

platforms/...612.py

windows7-x64

3

platforms/...612.py

windows10-2004-x64

3

platforms/...701.sh

windows7-x64

3

platforms/...701.sh

windows10-2004-x64

3

platforms/...898.sh

ubuntu-18.04-amd64

platforms/...898.sh

debian-9-armhf

platforms/...898.sh

debian-9-mips

platforms/...898.sh

debian-9-mipsel

platforms/...010.pl

ubuntu-18.04-amd64

platforms/...010.pl

debian-9-armhf

platforms/...010.pl

debian-9-mips

platforms/...010.pl

debian-9-mipsel

platforms/...070.pl

ubuntu-18.04-amd64

platforms/...070.pl

debian-9-armhf

platforms/...070.pl

debian-9-mips

platforms/...070.pl

debian-9-mipsel

platforms/...071.pl

ubuntu-18.04-amd64

1

platforms/...071.pl

debian-9-armhf

1

platforms/...071.pl

debian-9-mips

1

platforms/...071.pl

debian-9-mipsel

1

Analysis

  • max time kernel
    4s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240611-en
  • resource tags

    arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    25/11/2024, 15:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    platforms/QNX/local/1479.sh

  • Size

    644B

  • MD5

    f2273bf88664e68857f46681317c9cc7

  • SHA1

    1ee20de6c758683652740ff8cce2281461a53893

  • SHA256

    710313d9fb5b811740f47cd8256de2ec1fa8dc8eb266532718382f5af867c8ca

  • SHA512

    4706f1e79dea89c043ad835e19ace01e24464c59946f1b767b014d7c2c33d8c3ce10c2e05e844d1fea4df255024ea23ea292f81170339ea238c58ec669aa2c9a

Score
3/10
discovery

Malware Config

Signatures

  • System Network Configuration Discovery 1 TTPs 4 IoCs

    Adversaries may gather information about the network configuration of a system.

    discovery
  • Writes file to tmp directory 11 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/platforms/QNX/local/1479.sh
    /tmp/platforms/QNX/local/1479.sh
    1⤵
    • Writes file to tmp directory
    PID:735
    • /bin/cat
      cat
      2⤵
        PID:741
      • /usr/bin/make
        make phfontphf
        2⤵
          PID:746
          • /usr/local/sbin/cc
            cc phfontphf.c -o phfontphf
            3⤵
              PID:751
            • /usr/local/bin/cc
              cc phfontphf.c -o phfontphf
              3⤵
                PID:751
              • /usr/sbin/cc
                cc phfontphf.c -o phfontphf
                3⤵
                  PID:751
                • /usr/bin/cc
                  cc phfontphf.c -o phfontphf
                  3⤵
                  • Writes file to tmp directory
                  PID:751
                  • /usr/lib/gcc/mips-linux-gnu/6/cc1
                    /usr/lib/gcc/mips-linux-gnu/6/cc1 -quiet -imultiarch mips-linux-gnu phfontphf.c -meb -quiet -dumpbase phfontphf.c "-march=mips32r2" -mfpxx -mllsc -mno-lxc1-sxc1 -mips32r2 "-mabi=32" -auxbase phfontphf -o /tmp/ccu0s3kw.s
                    4⤵
                    • Writes file to tmp directory
                    PID:754
                  • /usr/local/sbin/as
                    as -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/cc9zrxUK.o /tmp/ccu0s3kw.s
                    4⤵
                    • System Network Configuration Discovery
                    PID:757
                  • /usr/local/bin/as
                    as -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/cc9zrxUK.o /tmp/ccu0s3kw.s
                    4⤵
                    • System Network Configuration Discovery
                    PID:757
                  • /usr/sbin/as
                    as -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/cc9zrxUK.o /tmp/ccu0s3kw.s
                    4⤵
                    • System Network Configuration Discovery
                    PID:757
                  • /usr/bin/as
                    as -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/cc9zrxUK.o /tmp/ccu0s3kw.s
                    4⤵
                    • System Network Configuration Discovery
                    • Writes file to tmp directory
                    PID:757
                  • /usr/lib/gcc/mips-linux-gnu/6/collect2
                    /usr/lib/gcc/mips-linux-gnu/6/collect2 -plugin /usr/lib/gcc/mips-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mips-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/ccO91QCj.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EB -mips32r2 -dynamic-linker /lib/ld.so.1 -melf32btsmip -pie -o phfontphf /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/Scrt1.o /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crti.o /usr/lib/gcc/mips-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mips-linux-gnu/6 -L/usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu -L/usr/lib/gcc/mips-linux-gnu/6/../../../../lib -L/lib/mips-linux-gnu -L/lib/../lib -L/usr/lib/mips-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mips-linux-gnu/6/../../.. /tmp/cc9zrxUK.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mips-linux-gnu/6/crtendS.o /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crtn.o
                    4⤵
                    • Writes file to tmp directory
                    PID:759
                    • /usr/bin/ld
                      /usr/bin/ld -plugin /usr/lib/gcc/mips-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mips-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/ccO91QCj.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EB -mips32r2 -dynamic-linker /lib/ld.so.1 -melf32btsmip -pie -o phfontphf /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/Scrt1.o /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crti.o /usr/lib/gcc/mips-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mips-linux-gnu/6 -L/usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu -L/usr/lib/gcc/mips-linux-gnu/6/../../../../lib -L/lib/mips-linux-gnu -L/lib/../lib -L/usr/lib/mips-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mips-linux-gnu/6/../../.. /tmp/cc9zrxUK.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mips-linux-gnu/6/crtendS.o /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crtn.o
                      5⤵
                      • Writes file to tmp directory
                      PID:761
              • /bin/ln
                ln -s /usr/photon/bin/phfont ./phfont
                2⤵
                  PID:763
                • /tmp/platforms/QNX/local/phfont
                  ./phfont
                  2⤵
                    PID:765
                  • /bin/rm
                    rm phfont phfontphf phfontphf.c
                    2⤵
                      PID:767

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • /tmp/cc9zrxUK.o
                    Filesize

                    1KB

                    MD5

                    6eee2775c03bdcc7c09021dc2ee86edf

                    SHA1

                    f6b0389973bf27a90dbebe8b645b48cd13bbca61

                    SHA256

                    7d3b20d1a2d6a0608050d3f92e7b33f8e86f696212dbac2fa0f01966da805303

                    SHA512

                    63ffbd114d9fe6b608839ed51e4f15a66ba19eda61e2799356aedf5aae8ebeddbaae64dbc12bb21c5c97f9de2beafd853d6784ddcb0ed67588aef1594d03fb5b

                    Download Submit

                  • /tmp/ccu0s3kw.s
                    Filesize

                    1KB

                    MD5

                    baa43a16cd4a2fe7c0f1549e4ea47203

                    SHA1

                    d6ebaed1fd48af48e55382e91cdf77d338262a76

                    SHA256

                    474bed2b1a537053a3ccecb2a8f89ed49b23ec5d82725daebd4904960d8594d4

                    SHA512

                    42792bdf80e1f96061595f9c7a10c65669b729cec52961b1e427498135e70b83f8eaf74779f6ec05f3dbd35e0cd6b926c293e8e17047ee5968f34dcf2e1fe6dd

                    Download Submit

                  • /tmp/platforms/QNX/local/phfontphf
                    Filesize

                    6KB

                    MD5

                    17f3c77b0f6acd40e24eb12b462a788f

                    SHA1

                    5417568481dd2ed0f51b5875200d9364ef33d5f8

                    SHA256

                    ddd1ac9daf699c31d5e00b21ee9d45a4da8426ceb4fe5c6f4b5aeec0842532ac

                    SHA512

                    46e44a3865c5903edfc98df32bb4d81a93e1a47cb50b9a0714f2e120f117ca60abb505c44d36e22166688955cf4926fee6b68b7e72f3ed0823d19688db2e2e08

                    Download Submit

                  • /tmp/platforms/QNX/local/phfontphf.c
                    Filesize

                    128B

                    MD5

                    21bbe0b519bf442c3afdf1ac622e0637

                    SHA1

                    4d068ce6feba9e3fb2c27408c94bff2637ca22ec

                    SHA256

                    0d8d3adeed3013b55b9cd8e3ac5cbad673ce4aa214e2cd44c15dc4f2a6fdec36

                    SHA512

                    e476b1c6d6f7a2c3aab88733daae032f86d4bc9ca6b0b5e535875682579a14ac276cd8aadee5bc62a6426bf69a44d12f6b954d1bae9cc8e821108422af8b5fd4

                    Download Submit