Analysis

  • max time kernel
    145s
  • max time network
    153s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240523-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
  • submitted
    22/01/2025, 03:03

General

  • Target

    918dd047c1af1812bfc671246161b360d59644bbf409855e84161dc1b3544bb3.elf

  • Size

    91KB

  • MD5

    7ef6bf4413596613dcb0534e53c8c5df

  • SHA1

    f4974945306c659fbf663fbb7f0d3d2c532373d9

  • SHA256

    918dd047c1af1812bfc671246161b360d59644bbf409855e84161dc1b3544bb3

  • SHA512

    af3600d62139586c8767d41f1b5899f03c21809ce47553299be79adb8e04fc87bc6295e8c6fd567b6778a4aa474e5dd0d793de91d996180bd8abc5aaf5932ace

  • SSDEEP

    1536:Pu9xvdDK6oO8+ZjO8o/yZBUORMUD2moBVVHyGCLCfXJM9HoUXEkTQv3P4QwDmt5N:Pu9xvdDK6ot+Zjto/6BlRMU2mUVsdLb2

Malware Config

Signatures

  • Contacts a large (23673) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • File and Directory Permissions Modification 1 TTPs 2 IoCs

    Adversaries may modify file or directory permissions to evade defenses.

  • Changes its process name 1 IoCs
  • Reads runtime system information 2 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/918dd047c1af1812bfc671246161b360d59644bbf409855e84161dc1b3544bb3.elf
    /tmp/918dd047c1af1812bfc671246161b360d59644bbf409855e84161dc1b3544bb3.elf
    1⤵
    • Changes its process name
    PID:4066
    • /bin/sh
      sh -c "rm -rf bin/watchdog && mkdir bin; >bin/watchdog && mv /tmp/918dd047c1af1812bfc671246161b360d59644bbf409855e84161dc1b3544bb3.elf bin/watchdog; chmod 777 bin/watchdog"
      2⤵
      • File and Directory Permissions Modification
      • Writes file to tmp directory
      PID:4067
        • /usr/bin/rm
          rm -rf bin/watchdog
          3⤵
          PID:4068
        • /usr/bin/mkdir
          mkdir bin
          3⤵
          • Reads runtime system information
          PID:4070
        • /usr/bin/mv
          mv /tmp/918dd047c1af1812bfc671246161b360d59644bbf409855e84161dc1b3544bb3.elf bin/watchdog
          3⤵
          • Reads runtime system information
          PID:4071
        • /usr/bin/chmod
          chmod 777 bin/watchdog
          3⤵
          • File and Directory Permissions Modification
          PID:4072

Network

MITRE ATT&CK Enterprise v15