Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    10/12/2024, 02:36

General

  • Target

    35d00496234b7f08ef4c7b3caebc7b0ec5384bea7642afda1e23fa396170a805.elf

  • Size

    146KB

  • MD5

    67c8b24fb45f61fcba82320e8b4e6d72

  • SHA1

    4c7b007829f38257c8759e38e8cb4f559b23293c

  • SHA256

    35d00496234b7f08ef4c7b3caebc7b0ec5384bea7642afda1e23fa396170a805

  • SHA512

    316cff80b48d7236e9b0de226fd232ccfc13140b0c946db5be3f0f1ac5052506c622f9375c435ca40b691277a52f4be43d5835b74a2a371368177a45999bfd05

  • SSDEEP

    3072:HxRizSAt/6Rv4dO21MiF13yO3U1CUeY0wMGNEyzap0kM/9xnr:HjizSO/6RQb13U1CU7hMqzapnM/9xnr

Malware Config

Signatures

  • Contacts a large (23467) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Writes file to system bin folder 2 IoCs
  • Reads process memory 1 TTPs 64 IoCs

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

  • Changes its process name 1 IoCs
  • Reads runtime system information 55 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/35d00496234b7f08ef4c7b3caebc7b0ec5384bea7642afda1e23fa396170a805.elf
    /tmp/35d00496234b7f08ef4c7b3caebc7b0ec5384bea7642afda1e23fa396170a805.elf
    1⤵
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Reads process memory
    • Changes its process name
    • Reads runtime system information
    PID:652

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads