Analysis

  • max time kernel
    141s
  • max time network
    142s
  • platform
    linux_amd64
  • resource
    ubuntu1804-amd64-en-20211208
  • resource tags
    arch:amd64, arch:i386, image:ubuntu1804-amd64-en-20211208, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    19/07/2023, 06:36

General

  • Target

    4045022d9d8a7c30bf9bfeb869316787.elf

  • Size

    47KB

  • MD5

    4045022d9d8a7c30bf9bfeb869316787

  • SHA1

    70ff71011715546c8bc264b7a1174cc906c1cbd2

  • SHA256

    7e8ed99814dcf4ed35bf9d0c6da35ab7241bc240bba422beb72ecea335a8d0a3

  • SHA512

    0ac30d43e3d9ba0c243c1bc28f8afbd8b41ecb06034c27d2701c686c213ba548931d8336420c1f573220b24502b93deb202e74624535bb45a4ef880809e45716

  • SSDEEP

    768:g2uYpslIdHqxYbGiQdQqTvO11ZWF+mAx7NhVsaVyKheI9VPnOABlSdmOWFah70uN:buOdHqabihvOrZ4EVVAAVPnO4Sdmja/N

Score
9/10

Malware Config

Signatures

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Changes its process name 1 IoCs
  • Deletes itself 1 IoCs
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/4045022d9d8a7c30bf9bfeb869316787.elf (PID 575)
    • Changes its process name
    • Deletes itself
    • Reads runtime system information
    • Writes file to tmp directory

Network

MITRE ATT&CK Enterprise v6

Downloads