Analysis

  • max time kernel
    60s
  • max time network
    65s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240226-en
  • resource tags
    arch:armhf, image:debian9-armhf-20240226-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    10/04/2024, 09:35

General

  • Target

    arm7

  • Size

    111KB

  • MD5

    9ec729fd5874577bcd8c5110fe82a1ce

  • SHA1

    963de16772f2b79aa08ca70d183d79514047b34f

  • SHA256

    403188c2dd16bc6f9d2bb88641c50b6c9a4e4a2248aaa1abd4ac86a0d1372418

  • SHA512

    eee5f8c39cd906e5d22510b0e79cccd3e79e844d0d7bd69766583432c5c47d0bad537e3a3d2fe318fc8d0d7b2751ebf30fa9cd0226a51a66d64763dbe38f4715

  • SSDEEP

    3072:OAV66FdwsXtLHTH3O8SGUy7++eHarcM/9RSTN9:OAVXDx9DT3O8SG/7aHaoM/9RSTN9

Score
9/10

Malware Config

Signatures

  • Contacts a large (30197) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Changes its process name 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/arm7
    /tmp/arm7
    • Changes its process name
    • Modifies Watchdog functionality
    PID:664

Network

MITRE ATT&CK Enterprise v15
