Analysis

  • max time kernel
    47s
  • max time network
    53s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20231215-en
  • resource tags
    arch:mips
    image:debian9-mipsbe-20231215-en
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mips
    system
  • submitted
    31/12/2023, 15:49

General

  • Target

    3a5333e2143b48fce02d877063c94b2d

  • Size

    177KB

  • MD5

    3a5333e2143b48fce02d877063c94b2d

  • SHA1

    6c54cadbae1fad7ac5c601822fba4329991e8bc3

  • SHA256

    912849731336584f384a87a1ce421aa04c43e8f6bf36a7f8b874fb8db08bb58f

  • SHA512

    c7764dbe31a0249c4acc32f71550d6ff69b57b2256d6601ea65893d5f9ead3a0bf2fd4f4987161b8890b2212a64149644aefd42336c37d3ac37005d0dd52ddee

  • SSDEEP

    3072:/TNVO/QJHZcfFj4rwLQGTNO5VZLwHm7vuQTpZUyY6coj:7O/QJHZweEL/NOjCHm7FZZnc6

Score
8/10

Malware Config

Signatures

  • Contacts a large (1389) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Changes its process name 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

  • Enumerates running processes

    Discovers information about currently running processes on the system.

  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

  • Writes file to system bin folder 1 TTPs 2 IoCs
  • Reads system network configuration 1 TTPs 3 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/3a5333e2143b48fce02d877063c94b2d
    /tmp/3a5333e2143b48fce02d877063c94b2d
    1⤵
    • Enumerates active TCP sockets
    • Reads system network configuration
    • Reads runtime system information
    • Writes file to tmp directory
    PID:705
  • /bin/sh
    sh -c "killall -9 telnetd utelnetd scfgmgr"
    1⤵
    PID:709
    • /usr/bin/killall
      killall -9 telnetd utelnetd scfgmgr
      2⤵
      • Reads runtime system information
      PID:714
  • /bin/sh
    sh -c "iptables -I INPUT -p tcp --destination-port 55907 -j ACCEPT"
    1⤵
    PID:811
    • /sbin/iptables
      iptables -I INPUT -p tcp --destination-port 55907 -j ACCEPT
      2⤵
      PID:813

Network

MITRE ATT&CK Enterprise v15