Analysis

  • max time kernel
    101s
  • max time network
    150s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240611-en
  • resource tags

    arch:amd64 arch:i386 image:ubuntu2204-amd64-20240611-en kernel:5.15.0-105-generic locale:en-us os:ubuntu-22.04-amd64 system
  • submitted
    11/12/2024, 23:51

General

  • Target

    jew.x86.elf

  • Size

    60KB

  • MD5

    0c9d13b8a66a0d51a37ad36c0a4f85e2

  • SHA1

    869b064cdcb70310b9af9fa25bc92c4a0430af13

  • SHA256

    6cae9625ea917a34f39d33cc7372ee7d261a29beb7a6a242b2bae7bf3f6c8401

  • SHA512

    128da26297725cb918e49fab03b42fdab6c1b8e6c31610eafb86ed056e074b98af33ce0a11a881ae52ba32ffd3e7436c955467716c0e71ce46cc1921a582176b

  • SSDEEP

    768:JjiwQ4KFW+Ny+8GbGN1hLZYRMLxJtWOboPLZhgtp7Cya3slMqWvjW:Ey+NH8x7huxObchgTNJWrW

Malware Config

Signatures

  • Contacts a large (115796) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Writes file to system bin folder 2 IoCs
  • Changes its process name 1 IoCs

Processes

  • /tmp/jew.x86.elf
    /tmp/jew.x86.elf
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Changes its process name
    PID:1573

Network

MITRE ATT&CK Enterprise v15
