Analysis
- max time kernel: 151s
- max time network: 152s
- platform: debian-9_armhf
- resource: debian9-armhf-20231222-en
- resource tags: arch:armhf, image:debian9-armhf-20231222-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
- submitted: 13/02/2024, 05:17
Static task: static1
Behavioral task: behavioral1
Sample: cb1f88349d69a27dfdec522211a4b3415a1b84388b1255e951de84119314df16.elf
Resource: debian9-armhf-20231222-en
General
- Target: cb1f88349d69a27dfdec522211a4b3415a1b84388b1255e951de84119314df16.elf
- Size: 70KB
- MD5: fc4a3d98f6e52c8df6c916c55f75cf01
- SHA1: e2a5cf795d785bc4b50b555f4f12be3763487675
- SHA256: cb1f88349d69a27dfdec522211a4b3415a1b84388b1255e951de84119314df16
- SHA512: 967fd9b8d41b1340ee7f186106faabd481a7d73071c25ab01aa8d36010baffe1773ad4863c76c5978bfcac346f707c0ff2cffa6f74059cbe0d771bec356827dd
- SSDEEP: 1536:PTSwDOf56jPsbf8tKZFfk0/CwTZtef6kBW4va:Ef5Ssb0tKZFNTfZv4C
Malware Config
Signatures
- Contacts a large (47183) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads runtime system information (64 IoCs)
  Reads data from /proc virtual filesystem.