Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

Antiskidware.exe

windows7-x64

6

Antiskidware.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    46s
  • max time network
    51s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    30/10/2022, 13:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Antiskidware.exe

  • Size

    263KB

  • MD5

    f95bf4a254e77a62f3b28b4dbab81c0f

  • SHA1

    ccd54c7982462ad609910e3efd16eb2019f0bbb0

  • SHA256

    6093c7ea42c6fb3ad97554d97c7d3f7325ace04b9b3c871cda903d0cb9a09b06

  • SHA512

    cba0a0293f0e4c54b905bf05926d7430391a27a76a12ead0b5b6fb023d2e9841955748e573d39b33ca2f14bf862a463a9faea1f58179fff720a54326b91b2d5b

  • SSDEEP

    6144:ibEUAZILJUgCpulQV7YTYic7+VaKHi+JrzY57vFc/K6786TEn46Ipi9MxipElBBG:oAZILkulKYT3C+y9hV

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Antiskidware.exe
    "C:\Users\Admin\AppData\Local\Temp\Antiskidware.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of WriteProcessMemory
    PID:1500
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 80
      2⤵
      • Program crash
      PID:1088

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads