Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

75a1f310b1...95.elf

debian-9-armhf

7

Analysis

  • max time kernel
    102s
  • max time network
    104s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240226-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240226-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    29/02/2024, 05:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    75a1f310b1585477adcb213e281891c820f40366c7705c4367f1463faf0e9795.elf

  • Size

    297KB

  • MD5

    b38d0ef3a66e4bd4b6775e13d72bea70

  • SHA1

    94809c937f4a3e36ef3df70ab94607c0ed61e4d5

  • SHA256

    75a1f310b1585477adcb213e281891c820f40366c7705c4367f1463faf0e9795

  • SHA512

    97d6f8977aff6817ee7e22dbb1c15cbf6d5e6ef2c172e2cdd090611fe27b188c102b0c6d4dbd97407514a375cb49c771f46ba3ceb7913a70fb79bb847614aa56

  • SSDEEP

    6144:AYYcatHJ2y2+z4RZedkAM/LvGZxVzm6wxTIe+5:AYYcatHJ2y2O2LAM6fVm6WTIe+5

Score
7/10

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

Processes

  • /tmp/75a1f310b1585477adcb213e281891c820f40366c7705c4367f1463faf0e9795.elf
    /tmp/75a1f310b1585477adcb213e281891c820f40366c7705c4367f1463faf0e9795.elf
    1⤵
    • Changes its process name
    • Reads system routing table
    • Reads system network configuration
    PID:638

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads