Analysis
- max time kernel: 138s
- max time network: 155s
- platform: debian-9_armhf
- resource: debian9-armhf-20240611-en
- resource tags: arch:armhf image:debian9-armhf-20240611-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
- submitted: 06/01/2025, 23:27
Behavioral task
behavioral1
Sample
ngwa5.elf
Resource
debian9-armhf-20240611-en
4 signatures
150 seconds
General
- Target: ngwa5.elf
- Size: 138KB
- MD5: 86553d36841e35d034d3798a7d96537f
- SHA1: fe90d24f9237c911b14836991fa0241e781bd0c4
- SHA256: 26a24796548c4054f85669c3d83b79f07653baf63aeeee9a5058eed6a07b6c94
- SHA512: 63e91b909ccf82d06861341bf5b44d341777e4818d66664abef2f18d63b0de06b22e1413d01ca4dc87e9b7842cd2e588d25f6174835bc25f0c3a4569297bcba2
- SSDEEP: 1536:I9ApxSazhQBHN/dutr2W8g4VKlhTO4tE+GROXbQSxWjg81lcNwywc2GfFJRbPDhR:I932metr/46ha4t1Y+WctyL+c
Score
7/10
Malware Config
Signatures
- Deletes itself (1 IoCs)
  pid: 649, Process: ngwa5.elf
- Enumerates running processes
  Discovers information about currently running processes on the system
- Changes its process name (1 IoCs)
  description: Changes the process name, possibly in an attempt to hide itself
  ioc: httpd, pid: 648, Process: ngwa5.elf