Extracted

• • Target

    703-1-0x00400000-0x00455a28-memory.dmp

  • Size

    85KB

  • MD5

    9fa53f2d076b07fedc31581c9bd616e3

  • SHA1

    583d2c3bdae1ed585017e424a3f2b00d98c0b4f2

  • SHA256

    1c53045c2a413b4ecd3f12b69081d8d4a70be47231fecff42469864fb12ec617

  • SHA512

    2b513b5e956aa01569c93a6509673f5f104864bb7d00d17ca4f16248056b4d09df471ebb77d9dd812c6d1c98f1eed5b2ddb616d5434ec1d43e5076cd7a1ba0da

  • SSDEEP

    1536:d9V14JYRJ4AGk15EKPd0vpi8IQL6i9U1VqihgfJRPgDrT:11hRJ4Axb0R7I69U1Vqihgfve/

  Score

  9^/10

  defense_evasiondiscovery

  • Contacts a large (19916) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Modifies Watchdog functionality

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion

  • Enumerates active TCP sockets

    Gets active TCP sockets from /proc virtual filesystem.

    discovery

  • Enumerates running processes

    Discovers information about currently running processes on the system

  behavioral1