Analysis
- max time kernel: 154s
- max time network: 157s
- platform: ubuntu-18.04_amd64
- resource: ubuntu1804-amd64-20231215-en
- resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20231215-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
- submitted: 20/12/2023, 01:17
Behavioral task
behavioral1
Sample
78253e96ebfe4e9e8db74c68e3b1b082
Resource
ubuntu1804-amd64-20231215-en
General
- Target: 78253e96ebfe4e9e8db74c68e3b1b082
- Size: 29KB
- MD5: 78253e96ebfe4e9e8db74c68e3b1b082
- SHA1: 1c273463c9577e9264397b08f5b7e8367abf48fa
- SHA256: aff3faa47c356b0f6e5af84e16fa54c21e6d45b7170134ccd252328002551cf7
- SHA512: 0dbc15da2a441c5634e3c8ea011af336a74d7b0b0165ecc0571ef55df84196f9930a45079467a7badee8a5241e17453dca1b4f98442a659597295ad734b3a6b1
- SSDEEP: 384:cDsXRFF282R4Gs0kp3OjUjidRedJFzac+FR+DuuI855C5WkXRBLeiFQv9WaA8w3z:cD4n2R4Gs0kp3acFekw35vSiFM9DQk
Malware Config
Signatures
- Contacts a large (23673) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Changes its process name (1 IoCs)
  Changes the process name, possibly in an attempt to hide itself. pid: 1547, process: 78253e96ebfe4e9e8db74c68e3b1b082
- Modifies Watchdog functionality (1 TTPs, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  File opened for modification: /dev/watchdog (process: 78253e96ebfe4e9e8db74c68e3b1b082)
  File opened for modification: /dev/misc/watchdog (process: 78253e96ebfe4e9e8db74c68e3b1b082)
- Writes file to system bin folder (1 TTPs, 1 IoCs)
  File opened for modification: /sbin/watchdog (process: 78253e96ebfe4e9e8db74c68e3b1b082)