Analysis
max time kernel: 154s
max time network: 158s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20231215-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20231215-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 20/12/2023, 09:17
General
Target: 9b274ebd92f75ee301fa11c47f372c35
Size: 29KB
MD5: 9b274ebd92f75ee301fa11c47f372c35
SHA1: 70bf228ddeedce9d825e0d808f1e5dafa275d6ac
SHA256: 03722748762a0798c41ef554c174c22b9a3f7078817e5807b43353f381abcc0c
SHA512: 0323c4ed222c78b19eaba060ef0443bcde2df4da94cb1d2ef254b0c03c023baaf71ef65fff233e95021882f530e4a05c649851fee0b06841258f899dcc9cafb9
SSDEEP: 768:cI4jDAtW30q3QomhroWfGV28wgbOEf5uo2e:cI4AQ0ApmBfl8CEf5uo2e
Malware Config
Signatures
Contacts a large (20814) amount of remote hosts (1 TTPs)
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description: File opened for modification; ioc: /dev/watchdog
description: File opened for modification; ioc: /dev/misc/watchdog

Enumerates active TCP sockets (1 TTPs, 1 IoCs)
Gets active TCP sockets from /proc virtual filesystem.
description: File opened for reading; ioc: /proc/net/tcp

Enumerates running processes
Discovers information about currently running processes on the system.

Reads system network configuration (1 TTPs, 1 IoCs)
Uses contents of /proc filesystem to enumerate network settings.
description: File opened for reading; ioc: /proc/net/tcp

Reads runtime system information (64 IoCs)
Reads data from /proc virtual filesystem.