Analysis

  • max time kernel
    146s
  • max time network
    139s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20221111-en
  • resource tags

    arch:armhf image:debian9-armhf-20221111-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
  • submitted
    08/07/2023, 21:17

General

  • Target

    457347ff939e723c4d52e876160ba66b.elf

  • Size

    139KB

  • MD5

    457347ff939e723c4d52e876160ba66b

  • SHA1

    6c6c91f9ed99c0fedfc20540de96da2458ffc357

  • SHA256

    429969318b33278b0e232cce302dd055fb3bb0eddf8270155c21ec24d41fcb19

  • SHA512

    c737580694fc2f29a61ea8ab35416b2ab16f762af5a320dbc1efbbcb569b7b0a2a4dfa2de4f8d7757ea0d356325c0162908459a22235f7ab30d5559400f22d6d

  • SSDEEP

    3072:Cv/WwsLgaq353qHiCOvhOpfqkDQHbeskmhxQwoVSUNu:KPLaq351hOpfqkLskmhxQwoVSUNu

Score
7/10

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

Processes

  • /tmp/457347ff939e723c4d52e876160ba66b.elf
    /tmp/457347ff939e723c4d52e876160ba66b.elf
    • Changes its process name
    • Reads system routing table
    • Reads system network configuration
    PID:371

Network

MITRE ATT&CK Enterprise v6
