Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    0s
  • max time network
    176s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20221111-en
  • resource tags

    arch:armhfimage:debian9-armhf-20221111-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    08/03/2023, 12:37

General

  • Target

    0172b45249c955ea8c1b201b44f84249944729240d8b7682e5d8e98246ea27fe.elf

  • Size

    158KB

  • MD5

    7940b47f142572132e726897adac0432

  • SHA1

    af48cd3ee154f36c6a88dccd2680e268e7534418

  • SHA256

    0172b45249c955ea8c1b201b44f84249944729240d8b7682e5d8e98246ea27fe

  • SHA512

    bbb01a3c30cf30fc6d490c38dadfb0926cf24f3ba557a24c93ed78b235fcd55e5c01932577d16c6dc9d9737a48f67bd3090f9396d1d791c89613b3c536348089

  • SSDEEP

    3072:2GMavKqPtHGHAGhYaIrIomY90AoTthWZLptbAu2LUM/93okPZf7:2GMSKqPXEYaMIomY90BTtsfbAu2wM/9b

Score
9/10

Malware Config

Signatures

  • Contacts a large (35573) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/0172b45249c955ea8c1b201b44f84249944729240d8b7682e5d8e98246ea27fe.elf
    /tmp/0172b45249c955ea8c1b201b44f84249944729240d8b7682e5d8e98246ea27fe.elf
    1⤵
      PID:368
      • /bin/sh
        /bin/sh -c "rm -rf bin/watchdog && mkdir bin; >bin/watchdog && mv /tmp/0172b45249c955ea8c1b201b44f84249944729240d8b7682e5d8e98246ea27fe.elf d�bin/watchdog; chmod 777 bin/watchdog"
        2⤵
          PID:369
          • /bin/rm
            rm -rf bin/watchdog
            3⤵
              PID:370
            • /bin/mkdir
              mkdir bin
              3⤵
              • Reads runtime system information
              PID:371
            • /bin/mv
              mv "/tmp/0172b45249c955ea8c1b201b44f84249944729240d8b7682e5d8e98246ea27fe.elf" "d�bin/watchdog"
              3⤵
              • Reads runtime system information
              PID:376
            • /bin/chmod
              chmod 777 "bin/watchdog"
              3⤵
                PID:377

          Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads