General

  • Target

    2d4044f9d92638e4b1163add79b7e2fd

  • Size

    105KB

  • Sample

    231219-2sljtadgdm

  • MD5

    2d4044f9d92638e4b1163add79b7e2fd

  • SHA1

    36fb0c14df4c4a32dfe671b7b69ad394f1e00490

  • SHA256

    7d81b0d3f1ad55882ac3f637f7b012006fcafe9dbd11af66e4cac72883699c08

  • SHA512

    74ff841b6119d4d9496310516b231a97c04819bc27f8440adac51e1b1afdd7135790e9c273bbafe55905f01ba8742fb60dbe7aac94006b77f3066a00afd43776

  • SSDEEP

    1536:fHYAO6NGjjvXebe/0hCsRHHnMiV+J6VkLFBt:PYV6NeKa0jVC9b

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Target

      2d4044f9d92638e4b1163add79b7e2fd (hashes as listed under General above)

    Score
    9/10
    • Contacts a large (10007) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

MITRE ATT&CK Enterprise v15

Tasks