Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    153s
  • max time network
    158s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20231215-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20231215-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    19/12/2023, 23:29

General

  • Target

    6916f47a88f2bc37aa09c7035793ae4e

  • Size

    64KB

  • MD5

    6916f47a88f2bc37aa09c7035793ae4e

  • SHA1

    2e475fda95e8f2989a66316c7274981ea87d7fbf

  • SHA256

    ceec67659e83a609c7c303e24a0efbcc93bf02e2137607ca22030680e769f034

  • SHA512

    8c4dfb5542c42a9035eba4176fa293ffe7ba603efb0fe216758f38c079c352317946df8c56a85c84c87bc2e05ed9b54fa87d60964f2030c9f98cc5e3e30df800

  • SSDEEP

    1536:IIG9170vwHbQXZ5+qXDEuXi9aBSW7V/DjObeFt6PuQ4ZO:I917iwHbQXZ5+qXA59eSWZ/XObeb6GZZ

Score
9/10

Malware Config

Signatures

  • Contacts a large (20638) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/6916f47a88f2bc37aa09c7035793ae4e
    /tmp/6916f47a88f2bc37aa09c7035793ae4e
    1⤵
      PID:1535

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads