malware-dataset/linux/22e4a57ac560ebe1eff8957906589f4dd5934ee555ebcc0f7ba613b07fad2c13/analysis/dropped/7907f0c8-12f1-6ee0-a51f-b896e0a85dfe/event.json

{
  "data": {
    "ancestors": "/usr/lib/systemd/systemd|/usr/sbin/sshd|/usr/sbin/sshd|/usr/sbin/sshd|/usr/bin/sudo",
    "command_line": "/tmp/sample.bin",
    "exe": {
      "path": "/tmp/sample.bin"
    },
    "path": "/tmp/.xdiag/elog"
  },
  "info": {
    "host": {
      "uuid": "3eff9364-90b8-5293-9f42-0ea09fbefe18",
      "name": "kunai-sandbox",
      "container": null
    },
    "event": {
      "source": "kunai",
      "id": 87,
      "name": "write_close",
      "uuid": "7907f0c8-12f1-6ee0-a51f-b896e0a85dfe",
      "batch": 354
    },
    "task": {
      "name": "sample.bin",
      "pid": 2870,
      "tgid": 2870,
      "guuid": "fe8126fb-1200-0000-4c09-d804360b0000",
      "uid": 0,
      "gid": 0,
      "namespaces": {
        "mnt": 4026531841
      },
      "flags": "0x400100"
    },
    "parent_task": {
      "name": "sudo",
      "pid": 2869,
      "tgid": 2869,
      "guuid": "7a5427f8-1200-0000-4c09-d804350b0000",
      "uid": 1000,
      "gid": 0,
      "namespaces": {
        "mnt": 4026531841
      },
      "flags": "0x400100"
    },
    "utc_time": "2024-11-06T21:19:26.872503898Z"
  }
}
analysis: prctl sample 2024-11-07 09:16:34 +00:00			`{`
			`"data": {`
			`"ancestors": "/usr/lib/systemd/systemd\|/usr/sbin/sshd\|/usr/sbin/sshd\|/usr/sbin/sshd\|/usr/bin/sudo",`
			`"command_line": "/tmp/sample.bin",`
			`"exe": {`
			`"path": "/tmp/sample.bin"`
			`},`
			`"path": "/tmp/.xdiag/elog"`
			`},`
			`"info": {`
			`"host": {`
			`"uuid": "3eff9364-90b8-5293-9f42-0ea09fbefe18",`
			`"name": "kunai-sandbox",`
			`"container": null`
			`},`
			`"event": {`
			`"source": "kunai",`
			`"id": 87,`
			`"name": "write_close",`
			`"uuid": "7907f0c8-12f1-6ee0-a51f-b896e0a85dfe",`
			`"batch": 354`
			`},`
			`"task": {`
			`"name": "sample.bin",`
			`"pid": 2870,`
			`"tgid": 2870,`
			`"guuid": "fe8126fb-1200-0000-4c09-d804360b0000",`
			`"uid": 0,`
			`"gid": 0,`
			`"namespaces": {`
			`"mnt": 4026531841`
			`},`
			`"flags": "0x400100"`
			`},`
			`"parent_task": {`
			`"name": "sudo",`
			`"pid": 2869,`
			`"tgid": 2869,`
			`"guuid": "7a5427f8-1200-0000-4c09-d804350b0000",`
			`"uid": 1000,`
			`"gid": 0,`
			`"namespaces": {`
			`"mnt": 4026531841`
			`},`
			`"flags": "0x400100"`
			`},`
			`"utc_time": "2024-11-06T21:19:26.872503898Z"`
			`}`
			`}`