Analysis

  • max time kernel
    126s
  • max time network
    129s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20231222-en
  • resource tags

    arch:armhf image:debian9-armhf-20231222-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
  • submitted
    23/12/2023, 01:54

General

  • Target

    87eb6ffd7faa65040ddb4071cc3c0d71d357efea217a7e69d9a55bb0f6aaa284.elf

  • Size

    84KB

  • MD5

    7c5fb1ac2c1973473627d508b79ac630

  • SHA1

    b8c93a9a17042a82a9d81e7ab2fd62c894482c32

  • SHA256

    87eb6ffd7faa65040ddb4071cc3c0d71d357efea217a7e69d9a55bb0f6aaa284

  • SHA512

    d66adcb9bedc38ca933f939a5ebc4b800c5bc4f79638c1a49d4b521b710aa972cf190e5a9d60dc6435c87c8d448219b0b8b726ea4aa95f9d98b486f683fed68e

  • SSDEEP

    1536:sC2ruOIXs+NGmd4fIVDJZPJmoSRBv8+B52u5OOF4nb:5Ot+NGm8oDJOocvh2lnb

Score
7/10

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

Processes

  • /tmp/87eb6ffd7faa65040ddb4071cc3c0d71d357efea217a7e69d9a55bb0f6aaa284.elf
    /tmp/87eb6ffd7faa65040ddb4071cc3c0d71d357efea217a7e69d9a55bb0f6aaa284.elf
    • Changes its process name
    • Reads system routing table
    • Reads system network configuration
    PID:637

Network

MITRE ATT&CK Enterprise v15
