Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240418-en
  • resource tags
    arch:armhf
    image:debian12-armhf-20240418-en
    kernel:6.1.0-17-armmp-lpae
    locale:en-us
    os:debian-12-armhf
    system
  • submitted
    05/01/2025, 21:03

General

  • Target

    JaffaCakes118_bd63db83d727681541551f8c40231ede

  • Size

    52KB

  • MD5

    bd63db83d727681541551f8c40231ede

  • SHA1

    54a1ef1f318bc8bd52916d6ff68608c3d669efef

  • SHA256

    30e145346e8f2248cebe7cd37f3bc4dad42ed8a9b66605e1a1b9c3af16225526

  • SHA512

    b96272079dd08e79ad6a8149802a11282827dde215bb613ef8440562335923d9ca0ffe554ee22cefeb6255d8aba26160b5558e65d1603dacd5fc20560de05a50

  • SSDEEP

    768:yMte5B4PACtw/YcmRIe18D9q63TxZQbSORe7Su2QJnKE79TLro1ts9q3UELbOs8r:yM84ISRX63dZQbS5rzZW1LIVmWj/

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Mirai family
  • Contacts a large (20237) amount of remote hosts (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows (1 TTP)

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality (1 TTP, 2 IoCs)

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates active TCP sockets (1 TTP, 1 IoC)

    Gets active TCP sockets from /proc virtual filesystem.

  • Enumerates running processes

    Discovers information about currently running processes on the system.

  • Reads system network configuration (1 TTP, 1 IoC)

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information (42 IoCs)

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/JaffaCakes118_bd63db83d727681541551f8c40231ede (PID 705)
    Command line: /tmp/JaffaCakes118_bd63db83d727681541551f8c40231ede
    • Modifies Watchdog functionality
    • Enumerates active TCP sockets
    • Reads system network configuration
    • Reads runtime system information

Network

MITRE ATT&CK Enterprise v15
