Analysis
- max time kernel: 150s
- max time network: 156s
- platform: debian-9_mips
- resource: debian9-mipsbe-20240611-en
- resource tags: arch:mips, image:debian9-mipsbe-20240611-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
- submitted: 10/03/2025, 23:17
Behavioral task: behavioral1
- Sample: jklmips.elf
- Resource: debian9-mipsbe-20240611-en
General
- Target: jklmips.elf
- Size: 78KB
- MD5: ce4bd94ea8cbc021bf79e11f1f734c25
- SHA1: f562c88119484f3e92be6e95cb0a435836ca6362
- SHA256: ef931d8ba4966260112b7ed31a1e0b5cd4423becc0397e8eeaee345de903a1ab
- SHA512: d0a85bbbf02f85e445856cced0f7942652ca8c2d748f17a25129b5fa2982df148d5b2580d4c7512d579e4e666ec62700233802a145bbeb38715e77f847f26d29
- SSDEEP: 1536:974r3wfm9s/eqjGGYNsl5R5bonpp2uq7y1txzu2cS3zXbBR9:Or3j96zENg5R5bonf2up1/u2F3zXB
Malware Config
Signatures
- Contacts a large (75467) amount of remote hosts [1 TTPs]
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows [1 TTPs]
  This may indicate a network scan to discover remotely running services.
- Modifies Watchdog functionality [1 TTPs, 2 IoCs]
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  IoCs:
    File opened for modification: /dev/watchdog (process: jklmips.elf)
    File opened for modification: /dev/misc/watchdog (process: jklmips.elf)
- Renames itself [1 IoCs]
  IoCs:
    pid 698 (process: jklmips.elf)
- Unexpected DNS network traffic destination [1 IoCs]
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
  IoCs:
    Destination IP: 194.36.144.87
- Enumerates active TCP sockets [1 TTPs, 1 IoCs]
  Gets active TCP sockets from the /proc virtual filesystem.
  IoCs:
    File opened for reading: /proc/net/tcp (process: jklmips.elf)
- Enumerates running processes
  Discovers information about currently running processes on the system.
- Reads process memory [1 TTPs, 64 IoCs]
  Reads the memory of a process through the /proc virtual filesystem. This can be used to steal credentials.
- Changes its process name [1 IoCs]
  IoCs:
    Changes the process name, possibly in an attempt to hide itself: kworker/0:1 (pid 698, process: jklmips.elf)
- Reads system network configuration [1 TTPs, 1 IoCs]
  Uses contents of the /proc filesystem to enumerate network settings.
  IoCs:
    File opened for reading: /proc/net/tcp (process: jklmips.elf)
- System Network Configuration Discovery [1 TTPs, 1 IoCs]
  Adversaries may gather information about the network configuration of a system.
  IoCs:
    pid 698 (process: jklmips.elf)