Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    40274s
  • max time network
    152s
  • platform
    linux_mips
  • resource
    debian9-mipsbe-en-20211208
  • resource tags

    arch:mipsimage:debian9-mipsbe-en-20211208kernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    19/03/2023, 20:26

General

  • Target

    bok.mips.elf

  • Size

    35KB

  • MD5

    e6df40d7a8466659262ba7ccedcde3f3

  • SHA1

    02149fef9322b9d27d4f524f695530312318cb9a

  • SHA256

    29ccf8a259158899ed74ae8ed63b9dc78a7a42a38c775f907426829c22dadb45

  • SHA512

    38591aa9a60b16458b63566c0766387a3bb4e1ff8f1b308f20d3ba1729b78c9e8528a808d4e431cd2e6be75dc1b6a1bfe05a0115653599857caeb444e6d6bee4

  • SSDEEP

    768:elMB/UAIKEfqGrWwGUezx0ip2bT5oApNyBhvtsr1RzeyjsQ7SO0RJgGlzDpbuR16:eiBsAIurwGXxobloAybvtORz9jF4VJu2

Score
9/10

Malware Config

Signatures

  • Contacts a large (44792) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies the Watchdog daemon 1 TTPs

    Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/bok.mips.elf
    /tmp/bok.mips.elf
    1⤵
    • Writes file to tmp directory
    PID:320

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads