Analysis
- max time kernel: 150s
- max time network: 153s
- platform: debian-9_mips
- resource: debian9-mipsbe-20231215-en
- resource tags: arch:mips, image:debian9-mipsbe-20231215-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
- submitted: 20/12/2023, 01:05
Behavioral task: behavioral1
- Sample: 774c83dc5d3445606dd21463e6944dd2
- Resource: debian9-mipsbe-20231215-en
General
- Target: 774c83dc5d3445606dd21463e6944dd2
- Size: 211KB
- MD5: 774c83dc5d3445606dd21463e6944dd2
- SHA1: 118852631b0d7ed83e65b2a6f8224740e7443ef4
- SHA256: 4f9e162882aa0d8619c7d8f391075d29bf656e943ea9eed7ef7a586dbbc59842
- SHA512: 851ebfa3269b54fd85df8d2bedb4580c0016f7683b443553bf8a0f3e7e72cf48662e962185b44cfb3ec6dc504a622eb4b6b5fa6d3fdf6725200353d8235dd9ec
- SSDEEP: 3072:fhahz/4OQTeCJllo1yFIUEPM7V7Fqm7e1H1TXhkmU8h2aAOJHJZNJ:QFC1ogF5pU1H1rhkmU8h2aAOJHJZNJ
Malware Config
Signatures
- Contacts a large (50158) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Changes its process name (1 IoCs)
  description | ioc | pid | Process
  Changes the process name, possibly in an attempt to hide itself | sshd | 704 | 774c83dc5d3445606dd21463e6944dd2
- Modifies Watchdog functionality (1 TTPs, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  description | ioc
  File opened for modification | /dev/watchdog
  File opened for modification | /dev/misc/watchdog
- Enumerates active TCP sockets (1 TTPs, 1 IoCs)
  Gets active TCP sockets from /proc virtual filesystem.
  description | ioc
  File opened for reading | /proc/net/tcp
- Reads system routing table (1 TTPs, 1 IoCs)
  Gets active network interfaces from /proc virtual filesystem.
  description | ioc | Process
  File opened for reading | /proc/net/route | 774c83dc5d3445606dd21463e6944dd2
- Reads system network configuration (1 TTPs, 2 IoCs)
  Uses contents of /proc filesystem to enumerate network settings.
  description | ioc | Process
  File opened for reading | /proc/net/route | 774c83dc5d3445606dd21463e6944dd2
  File opened for reading | /proc/net/tcp | Process not Found
- Reads runtime system information (24 IoCs)
  Reads data from /proc virtual filesystem.
  description | ioc
  File opened for reading | /proc/569/maps
  File opened for reading | /proc/691/maps
  File opened for reading | /proc/529/maps
  File opened for reading | /proc/712/maps
  File opened for reading | /proc/763/maps
  File opened for reading | /proc/767/maps
  File opened for reading | /proc/771/maps
  File opened for reading | /proc/568/maps
  File opened for reading | /proc/688/maps
  File opened for reading | /proc/689/maps
  File opened for reading | /proc/697/maps
  File opened for reading | /proc/706/maps
  File opened for reading | /proc/708/maps
  File opened for reading | /proc/709/maps
  File opened for reading | /proc/715/maps
  File opened for reading | /proc/727/maps
  File opened for reading | /proc/770/maps
  File opened for reading | /proc/795/maps
  File opened for reading | /proc/544/maps
  File opened for reading | /proc/675/maps
  File opened for reading | /proc/693/maps
  File opened for reading | /proc/694/maps
  File opened for reading | /proc/710/maps
  File opened for reading | /proc/775/maps