Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
152s -
platform
debian-9_armhf -
resource
debian9-armhf-20231215-en -
resource tags
arch:armhfimage:debian9-armhf-20231215-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem -
submitted
20/02/2024, 22:48
Behavioral task
behavioral1
Sample
cc46e0e3cb1c3577c49d448cbf04ca13.elf
Resource
debian9-armhf-20231215-en
General
-
Target
cc46e0e3cb1c3577c49d448cbf04ca13.elf
-
Size
223KB
-
MD5
cc46e0e3cb1c3577c49d448cbf04ca13
-
SHA1
6e306a5b682b520c2a5941a50034086882c87027
-
SHA256
9d053c5fb34f80031ba2d14f188c979b344d291b618c32613106e635beca5dc0
-
SHA512
d669f30d095192357c399440e9b5d96e07766ff2d5e484588be895929abb0d4aabdf9133e9872f8edc251a93588a6ea41422125d1ea9ce9e705ee6024523e4ae
-
SSDEEP
3072:xLN858hbjP7HlEfY3MI3GxJyQdaqOCaqalDgD92bx7BLZXeDe+IpexHEr07mBzr4:QlYckGx8QaHC2+Do5Xe6w7mBzrZjHET
Malware Config
Signatures
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description ioc File opened for modification /dev/watchdog File opened for modification /dev/misc/watchdog -
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates/modifies Cron job 1 TTPs 1 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
description ioc Process File opened for modification /etc/crontab cc46e0e3cb1c3577c49d448cbf04ca13.elf -
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.
description ioc File opened for reading /proc/648/exe