Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

mips

debian-9-mips

7

Analysis

  • max time kernel
    96s
  • max time network
    147s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240611-en
  • resource tags

    arch:mipsimage:debian9-mipsbe-20240611-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    03/01/2025, 14:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    mips

  • Size

    103KB

  • MD5

    ade42a2e91917e954524de04d1e3d86e

  • SHA1

    a642bd1688b2758ccfe482fc467d6555f512141f

  • SHA256

    801c99e4f98a563c705771a06ef9290c3f1b262cec82e521a2f3f39641512e5f

  • SHA512

    2a4d2b577a6dda726670563dd9c6703579dfa2c9c53b98839d5adf9e0c85a1fbe3334257022f5337ee962d44625c7278af03b0ca704b82afd4fea9be5b588c94

  • SSDEEP

    1536:zO9Bm/RtCZiqr33Dc48uuwr7CFKygt6c9e8WDC1ieMbFQIg:yBm/zCZiyn448uuPRgt6c9e8YC1GFQP

Score
7/10
defense_evasiondiscoveryevasionpersistenceprivilege_escalation

Malware Config

Signatures

  • Deletes Audit logs 1 TTPs 1 IoCs

    Deletes logs related to the Linux Audit framework.

    evasion
  • Deletes itself 1 IoCs
  • Deletes system logs 1 TTPs 2 IoCs

    Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.

    evasion
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    defense_evasion
  • Deletes log files 1 TTPs 3 IoCs

    Deletes log files on the system.

    defense_evasion
  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Modifies systemd 2 TTPs 1 IoCs

    Adds/ modifies systemd service files. Likely to achieve persistence.

    persistenceprivilege_escalation
  • Changes its process name 1 IoCs
  • Enumerates kernel/hardware configuration 1 TTPs 2 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

    discovery
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

    discovery
  • System Network Configuration Discovery 1 TTPs 1 IoCs

    Adversaries may gather information about the network configuration of a system.

    discovery

Processes

  • /tmp/mips
    /tmp/mips
    1⤵
    • Deletes Audit logs
    • Deletes itself
    • Deletes system logs
    • Modifies Watchdog functionality
    • Deletes log files
    • Modifies systemd
    • Changes its process name
    • Reads runtime system information
    • System Network Configuration Discovery
    PID:705
    • /bin/sh
      sh -c "systemctl daemon-reload"
      2⤵
        PID:710
        • /bin/systemctl
          systemctl daemon-reload
          3⤵
          • Enumerates kernel/hardware configuration
          • Reads runtime system information
          PID:715
      • /bin/sh
        sh -c "systemctl enable startup_command.service"
        2⤵
          PID:729
          • /bin/systemctl
            systemctl enable startup_command.service
            3⤵
            • Enumerates kernel/hardware configuration
            • Reads runtime system information
            PID:736

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /etc/systemd/system/startup_command.service
        Filesize

        361B

        MD5

        af7d62b73266e0b457b114fe91f7e926

        SHA1

        11261aef4573b56b67b32020049c69c7282fc212

        SHA256

        14cb525e5a6b8aaf20c38672f8a9f974a684990888214848818326a739906642

        SHA512

        3926fbb53496c3aaa34cc782bd5c8379e0ab94b11fe4e63bbbfeac4e2b5057369c94bbe25ac56c3f04363076c91b978f9199fed97c5ed8377a6dc852b01ebfd9

        Download Submit