Analysis
- max time kernel: 152s
- max time network: 156s
- platform: debian-9_mipsel
- resource: debian9-mipsel-20231215-en
- resource tags: arch:mipsel, image:debian9-mipsel-20231215-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
- submitted: 13/02/2024, 02:40
Static task: static1
Behavioral task: behavioral1
Sample: 43de8954d7ea284fdb7fe1b2b7940d99ff062cf3376ce64a553f418361db2f16.elf
Resource: debian9-mipsel-20231215-en
General
- Target: 43de8954d7ea284fdb7fe1b2b7940d99ff062cf3376ce64a553f418361db2f16.elf
- Size: 90KB
- MD5: 30b4817e9570d87a0fe83fd480795477
- SHA1: 853b6e09b63b9b37112038fdd37dac2cb71cd62f
- SHA256: 43de8954d7ea284fdb7fe1b2b7940d99ff062cf3376ce64a553f418361db2f16
- SHA512: 4b49c97b63ce1f79fe837ad814df460e4519b11ee66e1e68c01c743e9ca6ea0b6180b4491f0a08a9394c925f86a681ad9734d1fa38fedd8750c0116d702bbfdc
- SSDEEP: 1536:heT0Mh08tVT/43Rhu8WyVrUQCZFpQtbSTH/ARL/G:ZMDyrUQCZ
Malware Config
Signatures
- Contacts a large (43669) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads runtime system information (64 IoCs)
  Reads data from /proc virtual filesystem.