71a83ef659aa734ae2dfcf7e106f3003e03fd29931e50ce9cf7f926cabd5ff06 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

kaspersky-...90.exe

windows7-x64

8

kaspersky-...90.exe

windows10-2004-x64

8

Sharing

General

Target

kaspersky-21.2.16.590.exe
Size

2.8MB
Sample

221229-s83nlagf41
MD5

051a4c0c1f78a4acfd61af4a00c04d9a
SHA1

a7d5522903f48c89f24f8893c480b8eb0360198e
SHA256

71a83ef659aa734ae2dfcf7e106f3003e03fd29931e50ce9cf7f926cabd5ff06
SHA512

1b4f8dd6f7f48ec130587782936a10e016cb69234fef30b2b19ee2eb1948f7b1ff15a0085746d122018db65d89748681c2df51da011cb145093cbdb473e389d7
SSDEEP

49152:alINc3mvkxv9HnIyB8cKGdUDUe2QK0m0zJgHvQtuEG2EeyByoyjf02yt8o15D0:8INc3vbHnIyB8dGdU4e9Vzxtu/2ndogI

Score

8^/10

bootkit evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

kaspersky-21.2.16.590.exe

Resource

win7-20220812-en

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

kaspersky-21.2.16.590.exe

Resource

win10v2004-20221111-en

bootkit evasion persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  kaspersky-21.2.16.590.exe
- Size
  
  2.8MB
- MD5
  
  051a4c0c1f78a4acfd61af4a00c04d9a
- SHA1
  
  a7d5522903f48c89f24f8893c480b8eb0360198e
- SHA256
  
  71a83ef659aa734ae2dfcf7e106f3003e03fd29931e50ce9cf7f926cabd5ff06
- SHA512
  
  1b4f8dd6f7f48ec130587782936a10e016cb69234fef30b2b19ee2eb1948f7b1ff15a0085746d122018db65d89748681c2df51da011cb145093cbdb473e389d7
- SSDEEP
  
  49152:alINc3mvkxv9HnIyB8cKGdUDUe2QK0m0zJgHvQtuEG2EeyByoyjf02yt8o15D0:8INc3vbHnIyB8dGdU4e9Vzxtu/2ndogI
Score

8^/10

evasion trojan bootkit persistence
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bootkitevasionpersistencetrojan

© 2018-2025

Terms | Privacy