Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240226-en
  • resource tags
    arch:amd64, arch:i386, image:ubuntu1804-amd64-20240226-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    10/04/2024, 01:34

General

  • Target

    41369408a0dd928ba8be21d11b80bdad2c184e7c65012ccee1af0b10df78f43b.elf

  • Size

    41KB

  • MD5

    939d4c14bba2ed6d8f5766fa190fff03

  • SHA1

    4f60c817ead8347bc1e8bb636587ae633ec943ff

  • SHA256

    41369408a0dd928ba8be21d11b80bdad2c184e7c65012ccee1af0b10df78f43b

  • SHA512

    d7fcc8150183f327ecfd9ec55d37937589a755298140f4fd1fc4bce3cf4c3e58df86fb87468315d13e908e687ef311b26349ecc9691c43cdef62d49d6a74ad33

  • SSDEEP

    768:b4U9FiNjEB5NXpx19OlqxHgSWpS23Un+j8oY/Bo8G9rKDCx:lojEB5Bpx19OsxH2SRr/ql2DC

Score
9/10

Malware Config

Signatures

  • Contacts a large (76764) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Changes its process name 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/41369408a0dd928ba8be21d11b80bdad2c184e7c65012ccee1af0b10df78f43b.elf
    • Changes its process name
    • Modifies Watchdog functionality
    PID:1548

Network

MITRE ATT&CK Enterprise v15
