Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
153s -
platform
debian-9_mips -
resource
debian9-mipsbe-20231215-en -
resource tags
-
submitted
20/12/2023, 01:05
General
-
Target
774c83dc5d3445606dd21463e6944dd2
-
Size
211KB
-
MD5
774c83dc5d3445606dd21463e6944dd2
-
SHA1
118852631b0d7ed83e65b2a6f8224740e7443ef4
-
SHA256
4f9e162882aa0d8619c7d8f391075d29bf656e943ea9eed7ef7a586dbbc59842
-
SHA512
851ebfa3269b54fd85df8d2bedb4580c0016f7683b443553bf8a0f3e7e72cf48662e962185b44cfb3ec6dc504a622eb4b6b5fa6d3fdf6725200353d8235dd9ec
-
SSDEEP
3072:fhahz/4OQTeCJllo1yFIUEPM7V7Fqm7e1H1TXhkmU8h2aAOJHJZNJ:QFC1ogF5pU1H1rhkmU8h2aAOJHJZNJ
Malware Config
Signatures
-
Contacts a large (50158) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Changes its process name 1 IoCs
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
-
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
-
Reads system network configuration 1 TTPs 2 IoCs
Uses contents of /proc filesystem to enumerate network settings.
-
Reads runtime system information 24 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/774c83dc5d3445606dd21463e6944dd2/tmp/774c83dc5d3445606dd21463e6944dd21⤵
- Changes its process name
- Reads system routing table
- Reads system network configuration