Analysis

  • max time kernel
    156s
  • max time network
    158s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20231215-en
  • resource tags

    arch:armhf, image:debian9-armhf-20231215-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    22/12/2023, 12:53

General

  • Target

    9113d69ee755153dc8ad971b0e7e9339

  • Size

    537KB

  • MD5

    9113d69ee755153dc8ad971b0e7e9339

  • SHA1

    041a446143d3e2650b1a596bb26fcb484303f4d1

  • SHA256

    daccf72b00939ef0f14eb19b2a9cf73a61514a4c86d28369886634644fb0159d

  • SHA512

    ac333dfc73f797f74633f53762d609d40ca0aa111283cec6e56fc586948cb0219e4d82b26b7d8802ec958646a58eb654171bbb0cff6370b46548bd5ace650104

  • SSDEEP

    12288:YlEcxo05kz84ZyNVw82dWenMsECdg4xK4r3lGGPItHrhxx:YDkoTA82EsFK4Q0It9

Score
6/10

Malware Config

Signatures

  • Attempts to change immutable files 3 IoCs

    Modifies inode attributes on the filesystem to allow changing of immutable files.

  • Creates/modifies Cron job 1 TTPs 1 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 2 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/9113d69ee755153dc8ad971b0e7e9339
    /tmp/9113d69ee755153dc8ad971b0e7e9339
    1⤵
    PID:651
    • /bin/sh
      sh -c "chattr -i /etc/crontab"
      1⤵
      PID:658
      • /usr/bin/chattr
        chattr -i /etc/crontab
        2⤵
        • Attempts to change immutable files
        PID:659
    • /bin/sh
      sh -c "chmod +w /etc/crontab"
      1⤵
      PID:664
      • /bin/chmod
        chmod +w /etc/crontab
        2⤵
        PID:665
    • /bin/sh
      sh -c "sed -i '/9113d69ee755153dc8ad971b0e7e9339/d' /etc/crontab"
      1⤵
      • Attempts to change immutable files
      PID:667
      • /bin/sed
        sed -i /9113d69ee755153dc8ad971b0e7e9339/d /etc/crontab
        2⤵
        • Attempts to change immutable files
        • Reads runtime system information
        PID:668
    • /bin/sh
      sh -c "echo '*/1 * * * * root /tmp/9113d69ee755153dc8ad971b0e7e9339 mt' >> /etc/crontab"
      1⤵
      • Creates/modifies Cron job
      PID:669

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /etc/sedYdnvm9

    Filesize
    722B

    MD5
    8f111d100ea459f68d333d63a8ef2205

    SHA1
    077ca9c46a964de67c0f7765745d5c6f9e2065c3

    SHA256
    0e5c204385b21e15b031c83f37212bf5a4ee77b51762b7b54bd6ad973ebdf354

    SHA512
    d81767b47fb84aaf435f930356ded574ee9825ec710a2e7c26074860d8a385741d65572740137b6f9686c285a32e2951ca933393b266746988f1737aad059adb