Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

eeccf51bb2...ddd6ab

ubuntu-18.04-amd64

7

eeccf51bb2...ddd6ab

debian-9-armhf

7

eeccf51bb2...ddd6ab

debian-9-mips

7

eeccf51bb2...ddd6ab

debian-9-mipsel

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20221125-en
  • resource tags

    arch:mipselimage:debian9-mipsel-20221125-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
  • submitted
    15/05/2023, 12:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eeccf51bb2274f325ca54ae3f9ebe857e0ddd6ab

  • Size

    41KB

  • MD5

    b9e02521a0bb96eb0528c170770a0c2d

  • SHA1

    eeccf51bb2274f325ca54ae3f9ebe857e0ddd6ab

  • SHA256

    bb4c8ee23103cd57741a1008552dae1038c17c505dd16f80571d795d91892cad

  • SHA512

    6ecd57b14e5377c880d759979d0c3f461ed93a2f2c4ab69dfb3a550e973460e769c453d1ff38efe9d5e0c4aba43cddcf90bb5ff5a1e9b8dbb54095c3c688c6ba

  • SSDEEP

    384:l0FINvSo5o/Ds3oIywe4Xz2Ye6rDBzgHZ4zRZn7hElu/tOJJJ2JJJuOfvuy/97MA:qCv3oIywe4Xz2YeIDBzgHShFMSZf

Score
7/10
persistence

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Creates/modifies Cron job 1 TTPs 1 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    persistence
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/eeccf51bb2274f325ca54ae3f9ebe857e0ddd6ab
    /tmp/eeccf51bb2274f325ca54ae3f9ebe857e0ddd6ab
    1⤵
    • Changes its process name
    PID:327
  • sh
    sh -c "echo '* * * * * /tmp/eeccf51bb2274f325ca54ae3f9ebe857e0ddd6ab' >> newcrontab ; crontab newcrontab; rm -fr newcrontab"
    1⤵
    • Writes file to tmp directory
    PID:333
    • crontab
      crontab newcrontab
      2⤵
      • Creates/modifies Cron job
      • Reads runtime system information
      PID:334
    • rm
      rm -fr newcrontab
      2⤵
        PID:335

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /tmp/newcrontab
      Filesize

      56B

      MD5

      36a15ca328f6f858509d4c27ae7246ec

      SHA1

      7c279b68431e8fb049a5644dbf36dd1b0ace7b58

      SHA256

      53e802c281234769526fe2d9470664467f533d092c0126e423bedba7a7c6efbf

      SHA512

      568c11275e2240618b99924ff8416044d8e1a032e6a9a29d938850157923acf85e820cccd2125be938b9c1a30347919c552721d26dbe14e4f059af2a34dd400a

      Download Submit

    • /var/spool/cron/crontabs/tmp.qxq8nf
      Filesize

      240B

      MD5

      2535c96bd4f836492202e9eb796adf7a

      SHA1

      a5305df9675834407c6b126b39574978d67bbbec

      SHA256

      affcd02f86c9f7596a8f257e02cf3970fd003bca84efe2846511ed897ac7ace4

      SHA512

      e1cc079d465696a7e5dfc4cec12b84d36a2da845bc6b4ebf4747adc3497cc8691df84c08d75cf1ba41d80c891526a3f5cf43b328cc4bb5ceac52d107da961d63

      Download Submit