General

  • Target

    371-1-0x00008000-0x0002c818-memory.dmp

  • Size

    101KB

  • Sample

    230710-f9y1ksgg79

  • MD5

    bcceeed8dc2385bf7be9d7792bcdc920

  • SHA1

    b293ea91243192416ef85a3a33a51a29f5ac0509

  • SHA256

    c1c5d0abc1328626587743298f4f87a63205f47a893578881b0b7312e8d11e81

  • SHA512

    e34e1788cd7deadf008055e744ccef3a600aa4e22bed3471e9819ae66776bbafefc520fcea408efce3098f0151b9c26da8f58ec2291589589a82d71d3b64624e

  • SSDEEP

    3072:xO+02yNCgsCwXBQHzIv10yw9mrsplDKZUjQBKXAVanrX+F8Jyvu7hLR8jg8r7tZL:xO+02yNCgsCwXBwzIvGyw9mrsplDKZUk

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Target

      371-1-0x00008000-0x0002c818-memory.dmp

    Score
    9/10
    • Contacts a large number (20559) of distinct remote hosts

      This may indicate a network scan to discover remotely running services; Mirai-family bots probe for other devices exposing telnet.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai disables the hardware watchdog (opening /dev/watchdog or /dev/misc/watchdog and issuing the WDIOC_SETOPTIONS ioctl with WDIOS_DISABLECARD) so that the device is not automatically rebooted, and the infection lost, when the bot hangs or starves the system.

    • Enumerates active TCP sockets

      Reads the active TCP socket table from the /proc virtual filesystem (/proc/net/tcp). Mirai-family bots use it to locate whatever is listening on ports 22, 23 and 80 so that the owning process can be killed and the port taken over.

    • Enumerates running processes

      Discovers information about currently running processes on the system, typically by walking the numeric entries under /proc.
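
The two socket-related signatures above ("Enumerates active TCP sockets" and "Contacts a large amount of remote hosts") both rest on the same kernel table. The following is an added example for this report, not tria.ge or Mirai code: it decodes /proc/net/tcp rows, counts distinct remote peers as a scan heuristic, lists listeners on the ports Mirai's killer routine competes for, and maps a socket inode back to a PID through /proc/<pid>/fd. The sample rows, the 198.18.0.0/15 scan targets and the threshold of 100 hosts are constructed assumptions (the sandbox's own cutoff is not stated on the page), and a little-endian host is assumed because the kernel prints IPv4 addresses in host byte order.

```python
"""Decode /proc/net/tcp and apply two sandbox-style heuristics on constructed data.
Added example for this report, not tria.ge or Mirai code. Assumes a little-endian
host and a hypothetical scan threshold of 100 distinct remote hosts."""
import os
import socket
import struct
from typing import Dict, List, Optional, Set, Tuple

# Socket states as they appear in the "st" column of /proc/net/tcp.
TCP_STATES = {
    0x01: "ESTABLISHED", 0x02: "SYN_SENT", 0x03: "SYN_RECV", 0x04: "FIN_WAIT1",
    0x05: "FIN_WAIT2", 0x06: "TIME_WAIT", 0x07: "CLOSE", 0x08: "CLOSE_WAIT",
    0x09: "LAST_ACK", 0x0A: "LISTEN", 0x0B: "CLOSING",
}

# Constructed sample (not from the analysed dump): telnet and ssh listeners plus
# one established telnet session from 10.0.2.15 to 10.0.0.5.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0F02000A:B4F2 0500000A:0017 01 00000000:00000000 00:00000000 00000000     0        0 12400 1 0000000000000000 20 4 30 10 -1
"""


def decode_addr(hexaddr: str) -> Tuple[str, int]:
    """'0100007F:0017' -> ('127.0.0.1', 23): IPv4 is a host-order 32-bit word
    (little-endian assumed), the port is plain big-endian hex."""
    ip_hex, port_hex = hexaddr.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)


def parse_proc_net_tcp(text: str) -> List[Dict]:
    """One dict per socket row; the header line is skipped."""
    rows = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 10:
            continue
        rows.append({
            "local": decode_addr(fields[1]),
            "remote": decode_addr(fields[2]),
            "state": TCP_STATES.get(int(fields[3], 16), "UNKNOWN"),
            "uid": int(fields[7]),
            "inode": int(fields[9]),
        })
    return rows


def distinct_remote_hosts(rows: List[Dict]) -> Set[str]:
    """Peers of non-listening sockets: the quantity the scan heuristic counts."""
    return {r["remote"][0] for r in rows
            if r["state"] != "LISTEN" and r["remote"][0] != "0.0.0.0"}


def looks_like_scan(rows: List[Dict], threshold: int = 100) -> bool:
    """Assumed cutoff; the sandbox's real threshold is not given on the page."""
    return len(distinct_remote_hosts(rows)) >= threshold


def contested_listeners(rows: List[Dict], ports=(22, 23, 80)) -> List[Tuple[int, int]]:
    """(port, inode) of listeners on the ports Mirai's killer frees up."""
    return sorted((r["local"][1], r["inode"]) for r in rows
                  if r["state"] == "LISTEN" and r["local"][1] in ports)


def pid_for_socket_inode(inode: int, proc_root: str = "/proc") -> Optional[int]:
    """Map a socket inode to its owning PID via /proc/<pid>/fd symlinks, the step
    that ties a /proc/net/tcp row to a process. Works on a live Linux host only."""
    target = "socket:[%d]" % inode
    for pid in os.listdir(proc_root):
        if not pid.isdigit():
            continue
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:  # process exited or not readable by us
            continue
        for fd in fds:
            try:
                if os.readlink(os.path.join(fd_dir, fd)) == target:
                    return int(pid)
            except OSError:
                continue
    return None


def synthetic_scan_lines(n_hosts: int, port: int = 23) -> str:
    """Constructed SYN_SENT rows toward n_hosts distinct 198.18.0.0/15 addresses,
    in /proc/net/tcp format, to exercise the scan heuristic."""
    lines = []
    for i in range(n_hosts):
        rem = struct.unpack("<I", socket.inet_aton("198.18.%d.%d" % (i // 256, i % 256)))[0]
        lines.append("%4d: 0F02000A:%04X %08X:%04X 02 00000001:00000000 01:00000010 "
                     "00000000     0        0 %d 1 0000000000000000 100 0 0 10 -1"
                     % (i + 3, 40000 + i, rem, port, 20000 + i))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    rows = parse_proc_net_tcp(SAMPLE_PROC_NET_TCP + synthetic_scan_lines(250))
    print("distinct remote hosts:", len(distinct_remote_hosts(rows)))
    print("scan suspected:", looks_like_scan(rows))
    print("contested listeners (port, inode):", contested_listeners(rows))
```

On a live host, feeding `open("/proc/net/tcp").read()` into `parse_proc_net_tcp` and passing each contested inode to `pid_for_socket_inode` reproduces the lookup a bot performs before killing a competing telnet daemon, and is equally usable from the defender's side to see what is bound to those ports.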

MITRE ATT&CK Enterprise v6

Tasks