Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    347-1-0x00400000-0x0045de6c-memory.dmp

  • Size

    94KB

  • Sample

    231103-bg4m5shg6x

  • MD5

    75b559b8aec936b710ce5d5655eb09e1

  • SHA1

    874740af6fc77899e1d5f8a2b75b21994b2c7073

  • SHA256

    a3f84b81777e477d76459623d37b4fb5cfdd52e19c59b3fd0993c9e6b42dac72

  • SHA512

    f8d8e70048b2db1e4331c621c112ddc286735dca7f1e52c42ef1a6a6a601d398b9a32452053b9e8c87a5a26f9a4e0023c13a53372ba0aeea82aecceddcfea9b8

  • SSDEEP

    1536:wcizN5U1BwGYoyAiJL5e3ZFBA8M1L2pvMYW1OSKNgv:w3puA5e3VXEOSKev

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

KYTON

Targets

    • Target

      347-1-0x00400000-0x0045de6c-memory.dmp

    • Size

      94KB

    • MD5

      75b559b8aec936b710ce5d5655eb09e1

    • SHA1

      874740af6fc77899e1d5f8a2b75b21994b2c7073

    • SHA256

      a3f84b81777e477d76459623d37b4fb5cfdd52e19c59b3fd0993c9e6b42dac72

    • SHA512

      f8d8e70048b2db1e4331c621c112ddc286735dca7f1e52c42ef1a6a6a601d398b9a32452053b9e8c87a5a26f9a4e0023c13a53372ba0aeea82aecceddcfea9b8

    • SSDEEP

      1536:wcizN5U1BwGYoyAiJL5e3ZFBA8M1L2pvMYW1OSKNgv:w3puA5e3VXEOSKev

    Score
    9/10
    • Contacts a large (110780) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15

Tasks