Analysis
max time kernel: 149s
max time network: 152s
platform: ubuntu-24.04_amd64
resource: ubuntu2404-amd64-20250307-en
resource tags: arch:amd64, arch:i386, image:ubuntu2404-amd64-20250307-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
submitted: 11/03/2025, 09:41
Behavioral task: behavioral1
Sample: x86_64.elf
Resource: ubuntu2404-amd64-20250307-en
General
Target: x86_64.elf
Size: 83KB
MD5: f3d810fa1d3e089b733852f499f8ed03
SHA1: 7fc0dc8c33dd070e9a77b79c698d4dadd298e87c
SHA256: 467afcae20c1805ce749f4a88a60c0d769ecdb025f4f8d18d5b84a988697447d
SHA512: 2a60b26aac6e5e7b9c12c62bc8be31ab9cc82afe4256c4d6ba55c68d7de05374483749a7b2705def9244d8323b5bbb79c59abfcaf573e720d026a73ad517e322
SSDEEP: 1536:GL7OTU+/YQ6ZYb1ZoSkMfbxSD279rwP3T/RFn0d+iNamP5Um5rT61ay:GLtsD6ZYb1ZVkMfbM279rID/z0d+xM5f
Malware Config
Signatures

Contacts a large (49075) amount of remote hosts (1 TTPs)
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description | ioc | Process
File opened for modification | /dev/watchdog | x86_64.elf
File opened for modification | /dev/misc/watchdog | x86_64.elf

Enumerates running processes
Discovers information about currently running processes on the system

Changes its process name (1 IoCs)
description | ioc | pid | Process
Changes the process name, possibly in an attempt to hide itself | vIgsbSqmmYGoDTl | 2491 | x86_64.elf