Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    17/01/2025, 01:47

General

  • Target

    pecga.arm7.elf

  • Size

    153KB

  • MD5

    3c0bbcdb22865b5c0b86e9eb97015767

  • SHA1

    b202e6a9c862234b2287b6df1664ca4769098630

  • SHA256

    4e64cc3e81967c1b53542f1565097c315fb288621762aaf4b754f4a5ddd03678

  • SHA512

    510b31de62ce9acd3112c2f683946f9ba06ea79192444a053289831512d567b547a1247dd6ba2dfdb4be0d624cf88c25a102168749b19fe97af1169006966b5f

  • SSDEEP

    3072:xk12vV4vjOcwB7amn9l3L4BpLrAuS2CrrWWS4PRM/99nZ:xlvVWVO7amn9l3L8puPrWWnpM/99Z

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Writes file to system bin folder 2 IoCs
  • Changes its process name 1 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/pecga.arm7.elf
    /tmp/pecga.arm7.elf
    1⤵
    • Deletes itself
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Changes its process name
    • Reads runtime system information
    PID:649

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads