Analysis

  • max time kernel
    145s
  • max time network
    131s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20240729-en
  • resource tags

    arch:mipsel image:debian9-mipsel-20240729-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system
  • submitted
    18/08/2024, 19:10

General

  • Target

    fc5918a35b92ffc84c45872dc1e108486b6f76c4ddbf6db9420cfb5206b1a49b

  • Size

    151KB

  • MD5

    a742713fe99313aca287e43becf34b23

  • SHA1

    b7e54e9aac9518f5678641645ed2e76edf8f99aa

  • SHA256

    fc5918a35b92ffc84c45872dc1e108486b6f76c4ddbf6db9420cfb5206b1a49b

  • SHA512

    69640426ae0bc792ffcd2386abea749bc4818743b1dcb69e8d300e7176470499b49bef94088dd2a7a7995feb90d46340001761f8f6bb30c2c3ad239ebcb87243

  • SSDEEP

    3072:dgZc9h1jlnLA2PiXYeyCcLVNMVGuo9mrThPaLEnvPrNb:dd7lnLA2PiIeyZLVWDo9mrThPaLEnvP5

Score
7/10

Malware Config

Signatures

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

  • Changes its process name 1 IoCs
  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

Processes

  • /tmp/fc5918a35b92ffc84c45872dc1e108486b6f76c4ddbf6db9420cfb5206b1a49b
    /tmp/fc5918a35b92ffc84c45872dc1e108486b6f76c4ddbf6db9420cfb5206b1a49b
    • Modifies Watchdog functionality
    • Reads system routing table
    • Changes its process name
    • Reads system network configuration
    PID:713

Network

MITRE ATT&CK Enterprise v15
