Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
133s -
max time network
151s -
platform
linux_armhf -
resource
debian9-armhf-en-20211208 -
resource tags
arch:armhfimage:debian9-armhf-en-20211208kernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem -
submitted
06/07/2023, 01:18
Behavioral task
behavioral1
Sample
44b7b82b52917b10e6a7e564d5580ab9c7eaf93fac35eb5962fc8a9cf79af181.elf
Resource
debian9-armhf-en-20211208
debian-9-armhf
3 signatures
150 seconds
General
-
Target
44b7b82b52917b10e6a7e564d5580ab9c7eaf93fac35eb5962fc8a9cf79af181.elf
-
Size
117KB
-
MD5
3252ee407e3259bd1ac8a84031a21021
-
SHA1
0fc90fc50cd683a971497c4f69cdbd2bf02f2080
-
SHA256
44b7b82b52917b10e6a7e564d5580ab9c7eaf93fac35eb5962fc8a9cf79af181
-
SHA512
98ed25e128a844261f150b0a9f4b44aaa4ab9b6987531233889a97ba49aa48ecc4c6f121ca1b20d7dc7319cefa02caa15ea132ed3dc5451fb90fb0043335dade
-
SSDEEP
3072:AQO3WqApOKMoMuPGYlqqiao4+EuNM/9cE:AQO3SXMoMuPzQqY4+E4M/9cE
Score
7/10
Malware Config
Signatures
-
Changes its process name 1 IoCs
description ioc pid Process Changes the process name, possibly in an attempt to hide itself a 351 44b7b82b52917b10e6a7e564d5580ab9c7eaf93fac35eb5962fc8a9cf79af181.elf -
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
description ioc File opened for reading /proc/15/cmdline File opened for reading /proc/233/cmdline File opened for reading /proc/345/cmdline File opened for reading /proc/12/cmdline File opened for reading /proc/13/cmdline File opened for reading /proc/27/cmdline File opened for reading /proc/74/cmdline File opened for reading /proc/154/cmdline File opened for reading /proc/307/cmdline File opened for reading /proc/348/cmdline File opened for reading /proc/8/cmdline File opened for reading /proc/10/cmdline File opened for reading /proc/43/cmdline File opened for reading /proc/131/cmdline File opened for reading /proc/144/cmdline File opened for reading /proc/164/cmdline File opened for reading /proc/361/cmdline File opened for reading /proc/381/cmdline File opened for reading /proc/9/cmdline File opened for reading /proc/16/cmdline File opened for reading /proc/23/cmdline File opened for reading /proc/41/cmdline File opened for reading /proc/105/cmdline File opened for reading /proc/2/cmdline File opened for reading /proc/7/cmdline File opened for reading /proc/132/cmdline File opened for reading /proc/25/cmdline File opened for reading /proc/347/cmdline File opened for reading /proc/366/cmdline File opened for reading /proc/387/cmdline File opened for reading /proc/11/cmdline File opened for reading /proc/29/cmdline File opened for reading /proc/103/cmdline File opened for reading /proc/207/cmdline File opened for reading /proc/228/cmdline File opened for reading /proc/20/cmdline File opened for reading /proc/106/cmdline File opened for reading /proc/4/cmdline File opened for reading /proc/24/cmdline File opened for reading /proc/95/cmdline File opened for reading /proc/271/cmdline File opened for reading /proc/350/cmdline File opened for reading /proc/371/cmdline File opened for reading /proc/14/cmdline File opened for reading /proc/26/cmdline File opened for reading /proc/304/cmdline File opened for reading /proc/359/cmdline File opened for reading /proc/367/cmdline File opened for reading /proc/28/cmdline File opened for reading /proc/42/cmdline File opened for reading /proc/276/cmdline File opened for reading /proc/285/cmdline File opened for reading /proc/369/cmdline File opened for reading /proc/377/cmdline File opened for reading /proc/3/cmdline File opened for reading /proc/19/cmdline File opened for reading /proc/21/cmdline File opened for reading /proc/225/cmdline File opened for reading /proc/230/cmdline File opened for reading /proc/375/cmdline File opened for reading /proc/379/cmdline File opened for reading /proc/17/cmdline File opened for reading /proc/22/cmdline File opened for reading /proc/275/cmdline