Analysis

  • max time kernel
    99s
  • max time network
    153s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf image:debian9-armhf-20240611-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
  • submitted
    15/01/2025, 02:59

General

  • Target

    8eedeeb60f1f05cb6143fedac89b2a8501bf64f57b24bf6ab031df89760d7f92.elf

  • Size

    51KB

  • MD5

    8c66a273b7dbce2d3068cb6e41531f65

  • SHA1

    34969d7168d3935f0116eb37a55991306aec895f

  • SHA256

    8eedeeb60f1f05cb6143fedac89b2a8501bf64f57b24bf6ab031df89760d7f92

  • SHA512

    f3b31736a28d242d19cacd42e3c16f040c8c3793c40572c9fbaae844b8ae974c9c4ffe779234f3e71e4be360422ad7c9719d0855fe6030c017345b81907dcfff

  • SSDEEP

    768:j0QDd8eakzD4lR+YOANqN+QUV0Fji9qooxn5ZkHPLSxMPh6I/5/NPsB2gGVzJ:Vd5atOAN9RV0FW9qN5Zkvm69KBIt

Malware Config

Signatures

  • Contacts a large (106190) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Changes its process name 1 IoCs

Processes

  • /tmp/8eedeeb60f1f05cb6143fedac89b2a8501bf64f57b24bf6ab031df89760d7f92.elf
    /tmp/8eedeeb60f1f05cb6143fedac89b2a8501bf64f57b24bf6ab031df89760d7f92.elf
    • Modifies Watchdog functionality
    • Changes its process name
    PID:650

Network

MITRE ATT&CK Enterprise v15
