Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    148s
  • max time network
    144s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20230831-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20230831-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    18/09/2023, 01:33

General

  • Target

    68e2b5037fc0028c977a8d65cd42627fa7d52353371870239eec76f9a88b30dd.elf

  • Size

    113KB

  • MD5

    36555ac6a89890b5fc6d1dfc654b1111

  • SHA1

    b46f7130ba49ca18cf98432faf90a4e45e7ec89c

  • SHA256

    68e2b5037fc0028c977a8d65cd42627fa7d52353371870239eec76f9a88b30dd

  • SHA512

    f43fdf84784fd93e1c62adb3b0929c9c312b51b620312ad234c42d6ef4d94946861c5bde336fcf7e64bdde20fa50d40356b1e78351032ad50cc7c36810f6d62a

  • SSDEEP

    3072:kiry859a2ADJf9wHYqbgFFo8+HeA6+TRCm7FnVqfJXFWbNb:T9a2aLqkrM1sm7FnVqfJXFWbNb

Score
7/10

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

Processes

  • /tmp/68e2b5037fc0028c977a8d65cd42627fa7d52353371870239eec76f9a88b30dd.elf
    /tmp/68e2b5037fc0028c977a8d65cd42627fa7d52353371870239eec76f9a88b30dd.elf
    1⤵
    • Changes its process name
    • Reads system routing table
    • Reads system network configuration
    PID:603

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads