Analysis
- max time kernel: 137s
- max time network: 150s
- platform: debian-9_armhf
- resource: debian9-armhf-20231026-en
- resource tags: arch:armhf, image:debian9-armhf-20231026-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
- submitted: 02/11/2023, 21:51
Behavioral task: behavioral1
Sample: dbb63b126b96d69b4e974b0c4d8abf19.elf
Resource: debian9-armhf-20231026-en
4 signatures
150 seconds
General
- Target: dbb63b126b96d69b4e974b0c4d8abf19.elf
- Size: 75KB
- MD5: dbb63b126b96d69b4e974b0c4d8abf19
- SHA1: cd22b768664df0f09cd534f1dffc3cab42b0c8e0
- SHA256: 4bfd26e84606606d6c95109b0cbb4ff3ce85fa18490f7098592c0fc80fb61f50
- SHA512: c8d1842c680200524e0d7ca84e996d24bc667b31ddf16259ad71cc47d74055b55f17999b6620825792f3bee69503ec15bcfa48c2ef3a02751132e650a49266d9
- SSDEEP: 1536:p73aESIzwoWAU8wMzuni03Otb1wTvRBsFprty4i7:p73utLMzuispBIe
Score: 7/10
Malware Config
Signatures
- Changes its process name (1 IoCs)
  description: Changes the process name, possibly in an attempt to hide itself
  ioc: httpd
  pid: 658
  Process: dbb63b126b96d69b4e974b0c4d8abf19.elf
- Deletes itself (1 IoCs)
  pid: 661
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads runtime system information (55 IoCs)
  Reads data from /proc virtual filesystem.