Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
154s -
platform
debian-9_armhf -
resource
debian9-armhf-20231215-en -
resource tags
arch:armhfimage:debian9-armhf-20231215-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem -
submitted
20/12/2023, 00:48
Static task
static1
Behavioral task
behavioral1
Sample
7607eb1dd67869d255ed26b06841370f
Resource
debian9-armhf-20231215-en
General
-
Target
7607eb1dd67869d255ed26b06841370f
-
Size
25KB
-
MD5
7607eb1dd67869d255ed26b06841370f
-
SHA1
5b5800608056a2d95105f561baee3e45790f9856
-
SHA256
47ceeaabf4c2185472e99fd8544f0b211fe8d876a9edd9fe504b6e3b0eb7cfd5
-
SHA512
e36df947d8098d4d586157710e094c1cf1f1c6fe4c97e341111e0f616144182e289cb5307f35ef9a76fc547bda64dfc8d2fab53eecbe0571034a5c6086aa7471
-
SSDEEP
384:hCqWwP5ZiqIYZEQvB7Abd+dRkWTCM4arXd69KYdLSBLDnNxlFx4ep7s:hr9RfPvB7AbeRkuCMTrGw3nN05
Malware Config
Signatures
-
Contacts a large (23508) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Changes its process name 1 IoCs
description ioc pid Process Changes the process name, possibly in an attempt to hide itself 656 7607eb1dd67869d255ed26b06841370f -
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description ioc Process File opened for modification /dev/watchdog 7607eb1dd67869d255ed26b06841370f File opened for modification /dev/misc/watchdog 7607eb1dd67869d255ed26b06841370f -
Writes file to system bin folder 1 TTPs 1 IoCs
description ioc Process File opened for modification /sbin/watchdog 7607eb1dd67869d255ed26b06841370f