Analysis
max time kernel:  154s
max time network: 157s
platform:         ubuntu-18.04_amd64
resource:         ubuntu1804-amd64-20231215-en
resource tags:    arch:amd64, arch:i386, image:ubuntu1804-amd64-20231215-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted:        19/12/2023, 22:23
Behavioral task: behavioral1
Sample:          03eece0ed7f82e1c3837a689fed92310
Resource:        ubuntu1804-amd64-20231215-en
General
Target: 03eece0ed7f82e1c3837a689fed92310
Size:   150KB
MD5:    03eece0ed7f82e1c3837a689fed92310
SHA1:   cbc9ccfe037996e783195046572a14dd6da010d2
SHA256: 0e8edef1570f6580923358f110b48049402035b32e20b59895766d2727bbc961
SHA512: 7eec579f551fddcbe84345b002407047f0c9e1c12270b00af232caed3551eaa56cc4aaa892bc61a41536e7b7a1cf1675f4f361ea395c975ec5abc8d034d95768
SSDEEP: 3072:YfA8x4tQotpnpW4l5BLAgQkexp+5g9JUpjOhmN0sVhpzDkp0rN:OA7Ps4lDAgJI78t+mN0sVhpzDkp0rN
Malware Config
Signatures

Contacts a large (9696) amount of remote hosts (1 TTPs)
This may indicate a network scan to discover remotely running services.

Changes its process name (1 IoCs)
description                                                       ioc    pid   Process
Changes the process name, possibly in an attempt to hide itself   sshd   1547  03eece0ed7f82e1c3837a689fed92310

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description                    ioc
File opened for modification   /dev/watchdog
File opened for modification   /dev/misc/watchdog

Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.

Enumerates active TCP sockets (1 TTPs, 1 IoCs)
Gets active TCP sockets from /proc virtual filesystem.
description               ioc
File opened for reading   /proc/net/tcp

Enumerates running processes
Discovers information about currently running processes on the system.

Reads system routing table (1 TTPs, 1 IoCs)
Gets active network interfaces from /proc virtual filesystem.
description               ioc               Process
File opened for reading   /proc/net/route   03eece0ed7f82e1c3837a689fed92310

Reads system network configuration (1 TTPs, 2 IoCs)
Uses contents of /proc filesystem to enumerate network settings.
description               ioc               Process
File opened for reading   /proc/net/route   03eece0ed7f82e1c3837a689fed92310
File opened for reading   /proc/net/tcp     Process not Found
Reads runtime system information (64 IoCs)
Reads data from /proc virtual filesystem.