Analysis
-
max time kernel
156s
-
max time network
160s
-
platform
ubuntu-18.04_amd64
-
resource
ubuntu1804-amd64-20231215-en
-
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-20231215-en kernel:4.15.0-213-generic locale:en-us os:ubuntu-18.04-amd64 system
-
submitted
19/12/2023, 22:49
Behavioral task
behavioral1
Sample
2c14fb5a5ce3159107d36998a0125604
Resource
ubuntu1804-amd64-20231215-en
General
-
Target
2c14fb5a5ce3159107d36998a0125604
-
Size
124KB
-
MD5
2c14fb5a5ce3159107d36998a0125604
-
SHA1
dd7cb9eb4b6fd31a43022b551d6a1b42bbdca51e
-
SHA256
695f529b99a56c2796231e95bfcd8ec001b18267d602d67efc646f7dce44c264
-
SHA512
b2d16997264dbd8abcf6da0c23e67fe4e2b3158b91e3431fed9a54eca679232a57df2ba3e446b9582d9b56bc55bdb9188a75e89884e75b8929ba8a2dcbf4cc7b
-
SSDEEP
3072:EXK5gTpEEXRln17moxcQ+RxpusiG35ikhzD9oY4giAGaJpP:EXK5yEEXRdzc3OG35i+zD9oY4giAGaJ9
Malware Config
Signatures
-
Contacts a large (70536) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Changes its process name 1 IoCs
description | ioc | pid | Process
Changes the process name, possibly in an attempt to hide itself | sshd | 1539 | 2c14fb5a5ce3159107d36998a0125604
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description | ioc
File opened for modification | /dev/watchdog
File opened for modification | /dev/misc/watchdog
-
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
description | ioc | Process
File opened for reading | /proc/net/route | 2c14fb5a5ce3159107d36998a0125604
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
description | ioc | Process
File opened for reading | /proc/net/route | 2c14fb5a5ce3159107d36998a0125604