Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
148s -
platform
ubuntu-22.04_amd64 -
resource
ubuntu2204-amd64-20240522.1-en -
resource tags
arch:amd64arch:i386image:ubuntu2204-amd64-20240522.1-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system -
submitted
16/01/2025, 18:37
Behavioral task
behavioral1
Sample
pecga.x86.elf
Resource
ubuntu2204-amd64-20240522.1-en
4 signatures
150 seconds
General
-
Target
pecga.x86.elf
-
Size
61KB
-
MD5
913353db54854e8de108c656223a345f
-
SHA1
30343e7bacc996d0d019e4c9f5cd6207e3c74d8e
-
SHA256
09f5d05ae9ecfefa189d7d0181823d653cba059429bf2431113d6cdf32ecb4b4
-
SHA512
14cea14214f056929358fea1fda96557341b2a536b53560b49544615497032a067c2ca9924ccb3ca3898c8cf7e9c8850f40936f8ebf0959d784189d362d430ff
-
SSDEEP
1536:kBGfyT5OGMMt4cesUTeFIv5TzHhyn10okMUIjOepn2w:kcaT5OGMMtmaATzBGaZMdKan5
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 1553 pecga.x86.elf -
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description ioc Process File opened for modification /dev/watchdog pecga.x86.elf File opened for modification /dev/misc/watchdog pecga.x86.elf -
Writes file to system bin folder 2 IoCs
description ioc Process File opened for modification /sbin/watchdog pecga.x86.elf File opened for modification /bin/watchdog pecga.x86.elf -
Changes its process name 1 IoCs
description pid Process Changes the process name, possibly in an attempt to hide itself 1553 pecga.x86.elf