Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    128s
  • max time network
    162s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    11/03/2025, 04:01

General

  • Target

    8bf0617c8eb0d23754ee49c36c72e01c06d256a3782cee83b5b500b80aa6b92b.elf

  • Size

    51KB

  • MD5

    b1e5cd6656d464d23fe45ad11bf71c6e

  • SHA1

    baa24baeff643c4987a700cf78ac9b3c4f174bab

  • SHA256

    8bf0617c8eb0d23754ee49c36c72e01c06d256a3782cee83b5b500b80aa6b92b

  • SHA512

    89e133983892bed2ec7c17d6be24c4daa92b2c4461d5b8a867d7fc991a1f64a53be48a8b378704898910d6ea5d418edf2c6aad5f3326209b1eaba5701c8cde07

  • SSDEEP

    768:gz/VLG4Kc9tJRaY/39XHSxFjqRsQo8CZya5NPWgt5tA1xz9NsI4X0s46gl:WVatk39XwjqSvZya5Fjt5AZM

Malware Config

Signatures

  • Contacts a large (162264) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Renames itself 1 IoCs
  • Unexpected DNS network traffic destination 6 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Changes its process name 1 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/8bf0617c8eb0d23754ee49c36c72e01c06d256a3782cee83b5b500b80aa6b92b.elf
    /tmp/8bf0617c8eb0d23754ee49c36c72e01c06d256a3782cee83b5b500b80aa6b92b.elf
    1⤵
    • Modifies Watchdog functionality
    • Renames itself
    • Changes its process name
    • Reads runtime system information
    PID:651

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads