
Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20221111-en
  • resource tags

    arch:armhf, image:debian9-armhf-20221111-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    18/04/2023, 12:45

General

  • Target

    fedd7b9e3fb66cd8a521a5e1916696ae.elf

  • Size

    104KB

  • MD5

    fedd7b9e3fb66cd8a521a5e1916696ae

  • SHA1

    8d74dc8783724da05a20135c7225d12c68dbb2aa

  • SHA256

    90afe1dbb17c11ff9bc870842bcda7d9829a996b4f40de6a40e1235ce9d15fba

  • SHA512

    ce03cc85fb2c31c130212e9c37f64d4086a59a31ee72bb2076b0c37ec1f5d44a2842067dbcdca8dbe4d8c5c1412bf4177f8c6d4ef8f7f946cd9ca1b57de92411

  • SSDEEP

    3072:olhUX+jP9NWjVzH4hh+d2TBvMt9M/9QhMeF:oUujPWjVzH0hPvMXM/9QhMeF

Score
9/10

Malware Config

Signatures

  • Modifies the Watchdog daemon (1 TTP)

    Malware such as Mirai modifies the watchdog so that it cannot restart an infected system.

  • Contacts a large number (1493) of remote hosts (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Reads runtime system information (64 IoCs)

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory (1 IoC)

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/fedd7b9e3fb66cd8a521a5e1916696ae.elf (PID 352)
    Command line: /tmp/fedd7b9e3fb66cd8a521a5e1916696ae.elf
    • Writes file to tmp directory

Network

MITRE ATT&CK Enterprise v6
