Analysis
max time kernel: 130s
max time network: 136s
platform: ubuntu-22.04_amd64
resource: ubuntu2204-amd64-20240729-en
resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20240729-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
submitted: 28/01/2025, 15:46
Behavioral task: behavioral1
Sample: rjfe686.elf
Resource: ubuntu2204-amd64-20240729-en
4 signatures
150 seconds
General
Target: rjfe686.elf
Size: 103KB
MD5: 629722529f40a77b78cbf15f21c5a153
SHA1: c78deee169e0ff1e9e82ba9cd763ea2fbde24cdf
SHA256: 82f51553e8b7f7bce47f729d857582e1a96e600a3bf31f2c341f987c560d7422
SHA512: 32813dd08264c1f32ae5a470cf944c784b7bf122143dbef988a00ce5b2be671530a50f56cc99eaa21226b41db387bde01457f2f3874d47f34227b43f797c35e1
SSDEEP: 1536:lwGeIhHgIxJY55QbQ6CUiZvR0dNyDWNwfvaNU1esS8/yHVwBhZzsX8A:lwGFhHTxaQk6CUiZpyavaNU1e38rzB
Score: 7/10
Malware Config
Signatures
Deletes itself (1 IoC)
pid: 1575
Enumerates running processes
Discovers information about currently running processes on the system
Changes its process name (1 IoC)
Changes the process name, possibly in an attempt to hide itself
ioc: httpd, pid: 1574