Analysis

  • max time kernel
    143s
  • max time network
    149s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240418-en
  • resource tags

    arch:armhf
    image:debian12-armhf-20240418-en
    kernel:6.1.0-17-armmp-lpae
    locale:en-us
    os:debian-12-armhf
    system
  • submitted
    06/01/2025, 23:27

General

  • Target

    arm7.elf

  • Size

    168KB

  • MD5

    b650efbe5d301336e171f76ac6854af1

  • SHA1

    8453546c4a920f65315a046b6579c89cdffbf8e5

  • SHA256

    f926f3e5ca5b14237b37cbfd2a2d8653ed67a965f39566d5b12974b272b6c4b5

  • SHA512

    feab3f5f386d678ce1cc8ab2fce9234b048e6b2c0367397826b6c5359accf52945f8c9b2164763887d42f3b819019da8e9b5a39321c4d7790a26f0677912f2d4

  • SSDEEP

    3072:8qwG+C1QT6mXRfDUnhaRkZzOQEfcl/lawSosRMD27WOagM/9regU9:8qwG1mBf4haRkZzOQE0l/Qw0q27WOhMA

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

  • Modifies systemd 2 TTPs 1 IoCs

    Adds or modifies systemd service files, likely to achieve persistence.

  • Changes its process name 1 IoCs
  • Command and Scripting Interpreter: Unix Shell 1 TTPs 2 IoCs

    Execute scripts via Unix Shell.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/arm7.elf
    /tmp/arm7.elf
    1⤵
    • Deletes itself
    • Modifies Watchdog functionality
    • Modifies systemd
    • Changes its process name
    • Reads runtime system information
    PID:696
    • /bin/sh
      /bin/sh -c "systemctl daemon-reload"
      2⤵
      • Command and Scripting Interpreter: Unix Shell
      PID:704
      • /usr/bin/systemctl
        systemctl daemon-reload
        3⤵
        • Reads runtime system information
        PID:713
    • /bin/sh
      /bin/sh -c "systemctl enable startup_command.service"
      2⤵
      • Command and Scripting Interpreter: Unix Shell
      PID:779
      • /usr/bin/systemctl
        systemctl enable startup_command.service
        3⤵
        • Reads runtime system information
        PID:780

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /etc/systemd/system/startup_command.service

    Filesize

    361B

    MD5

    af7d62b73266e0b457b114fe91f7e926

    SHA1

    11261aef4573b56b67b32020049c69c7282fc212

    SHA256

    14cb525e5a6b8aaf20c38672f8a9f974a684990888214848818326a739906642

    SHA512

    3926fbb53496c3aaa34cc782bd5c8379e0ab94b11fe4e63bbbfeac4e2b5057369c94bbe25ac56c3f04363076c91b978f9199fed97c5ed8377a6dc852b01ebfd9