Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20231215-en
  • resource tags

    arch:armhf, image:debian9-armhf-20231215-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    20/02/2024, 22:48

General

  • Target

    cc46e0e3cb1c3577c49d448cbf04ca13.elf

  • Size

    223KB

  • MD5

    cc46e0e3cb1c3577c49d448cbf04ca13

  • SHA1

    6e306a5b682b520c2a5941a50034086882c87027

  • SHA256

    9d053c5fb34f80031ba2d14f188c979b344d291b618c32613106e635beca5dc0

  • SHA512

    d669f30d095192357c399440e9b5d96e07766ff2d5e484588be895929abb0d4aabdf9133e9872f8edc251a93588a6ea41422125d1ea9ce9e705ee6024523e4ae

  • SSDEEP

    3072:xLN858hbjP7HlEfY3MI3GxJyQdaqOCaqalDgD92bx7BLZXeDe+IpexHEr07mBzr4:QlYckGx8QaHC2+Do5Xe6w7mBzrZjHET

Malware Config

Signatures

  • Modifies Watchdog functionality (1 TTPs, 2 IoCs)

    Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

  • Creates a large amount of network flows (1 TTPs)

    This may indicate a network scan to discover remotely running services.

  • Creates/modifies Cron job (1 TTPs, 1 IoCs)

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

  • Reads runtime system information (1 IoCs)

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/cc46e0e3cb1c3577c49d448cbf04ca13.elf
    • Creates/modifies Cron job
    PID: 645

Network

MITRE ATT&CK Enterprise v15
