Analysis
- max time kernel: 153s
- max time network: 158s
- platform: ubuntu-18.04_amd64
- resource: ubuntu1804-amd64-20231215-en
- resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20231215-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
- submitted: 19/12/2023, 23:29
Behavioral task: behavioral1
- Sample: 6916f47a88f2bc37aa09c7035793ae4e
- Resource: ubuntu1804-amd64-20231215-en
General
- Target: 6916f47a88f2bc37aa09c7035793ae4e
- Size: 64KB
- MD5: 6916f47a88f2bc37aa09c7035793ae4e
- SHA1: 2e475fda95e8f2989a66316c7274981ea87d7fbf
- SHA256: ceec67659e83a609c7c303e24a0efbcc93bf02e2137607ca22030680e769f034
- SHA512: 8c4dfb5542c42a9035eba4176fa293ffe7ba603efb0fe216758f38c079c352317946df8c56a85c84c87bc2e05ed9b54fa87d60964f2030c9f98cc5e3e30df800
- SSDEEP: 1536:IIG9170vwHbQXZ5+qXDEuXi9aBSW7V/DjObeFt6PuQ4ZO:I917iwHbQXZ5+qXA59eSWZ/XObeb6GZZ
Malware Config
Signatures
- Contacts a large (20638) amount of remote hosts (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Modifies Watchdog functionality (1 TTP, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  IoCs: File opened for modification /dev/watchdog; File opened for modification /dev/misc/watchdog
- Enumerates active TCP sockets (1 TTP, 1 IoC)
  Gets active TCP sockets from /proc virtual filesystem.
  IoC: File opened for reading /proc/net/tcp
- Enumerates running processes
  Discovers information about currently running processes on the system.
- Reads system network configuration (1 TTP, 1 IoC)
  Uses contents of /proc filesystem to enumerate network settings.
  IoC: File opened for reading /proc/net/tcp
- Reads runtime system information (64 IoCs)
  Reads data from /proc virtual filesystem.