Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    144s
  • max time network
    151s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20231215-en
  • resource tags

    arch:mipsimage:debian9-mipsbe-20231215-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    21/02/2024, 04:54

General

  • Target

    f26fee0d2b7f88bd7d5aa0860756b6d5.bin

  • Size

    66KB

  • MD5

    f26fee0d2b7f88bd7d5aa0860756b6d5

  • SHA1

    8e933506d7d8b9205573881947d9419ffd6e1aaa

  • SHA256

    49ee7966b481548392c8e66f58b9792d09e78cff34b6a4867f522602dc4930b5

  • SHA512

    e0241f0c052610c0adaa69e03ad3de967a03c9e732212fe2718e957af6e36dad3137c4d96e0a48d555aced4998a94f4538b24dc973af525a318ab650e7b54794

  • SSDEEP

    1536:u8aCKglaDrIjtb3stmjpYpt13+c23mo1UQ+eX:9H+0Jb3vypt8c23mo1RHX

Score
7/10

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Deletes itself 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

Processes

  • /tmp/f26fee0d2b7f88bd7d5aa0860756b6d5.bin
    /tmp/f26fee0d2b7f88bd7d5aa0860756b6d5.bin
    1⤵
    • Changes its process name
    • Deletes itself
    • Modifies Watchdog functionality
    PID:697

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads