Analysis

  • max time kernel
    150s
  • max time network
    141s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240221-en
  • resource tags

    arch:armhf, image:debian12-armhf-20240221-en, kernel:6.1.0-17-armmp-lpae, locale:en-us, os:debian-12-armhf, system
  • submitted
    02/02/2025, 17:32 UTC

General

  • Target

    arm7.b.elf

  • Size

    120KB

  • MD5

    2734d9008d7a36aa87b2efb102f23ff0

  • SHA1

    fe9b50ecebc12727d264cce35aa6320edb19679a

  • SHA256

    740201329b2951b3dee53cbb8679f74050e0949e9432db1a325aeac33abd6650

  • SHA512

    517053e5fd0f5895c4a2b191b3a45f08f10f8b2fe42a9c337576f8f6e36cc0bcf476ea761b01ef71c82844f978cb74d407d8c53c2977f432c9c3383ecb923059

  • SSDEEP

    1536:+SntBSk+8hwl3nlBSDx1PayWs+9xCk9lDyiuyy9kzYzmsODsZzw/9lY+h7W+hA:T0gylyx1PayWs+9tCyy9+YzhOWM/9qYG

Malware Config

Signatures

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

  • Traces itself 1 IoCs

    Traces itself to prevent debugging attempts

  • Reads process memory 1 TTPs 12 IoCs

    Read the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.

  • Changes its process name 1 IoCs

Processes

  • /tmp/arm7.b.elf (PID 710)
    Command line: /tmp/arm7.b.elf
    • Modifies Watchdog functionality
    • Traces itself
    • Reads process memory
    • Changes its process name

Network

  • DNS (flag: au), host debian12-armhf-20240221-en-14
    Remote address: 1.1.1.1:53
    Request: debian12-armhf-20240221-en-14 IN AAAA
    Response:
  • DNS (flag: au), host debian12-armhf-20240221-en-14
    Remote address: 1.1.1.1:53
    Request: debian12-armhf-20240221-en-14 IN A
    Response:
  • DNS (flag: au), host debian12-armhf-20240221-en-14
    Remote address: 1.1.1.1:53
    Request: debian12-armhf-20240221-en-14 IN AAAA
    Response:
  • DNS (flag: au), host debian12-armhf-20240221-en-14
    Remote address: 1.1.1.1:53
    Request: debian12-armhf-20240221-en-14 IN A
    Response:
  • 185.224.0.33:6075
    915 B
    744 B
    17
    14
  • 1.1.1.1:53
    debian12-armhf-20240221-en-14
    dns
    75 B
    150 B
    1
    1

    DNS Request

    debian12-armhf-20240221-en-14

  • 1.1.1.1:53
    debian12-armhf-20240221-en-14
    dns
    75 B
    150 B
    1
    1

    DNS Request

    debian12-armhf-20240221-en-14

  • 1.1.1.1:53
    debian12-armhf-20240221-en-14
    dns
    75 B
    150 B
    1
    1

    DNS Request

    debian12-armhf-20240221-en-14

  • 1.1.1.1:53
    debian12-armhf-20240221-en-14
    dns
    75 B
    150 B
    1
    1

    DNS Request

    debian12-armhf-20240221-en-14

MITRE ATT&CK Enterprise v15
