General

  • Target

    avast_setup_offline.exe

  • Size

    698.1MB

  • Sample

    230214-ac4lxagf8z

  • MD5

    9a20a05ff03f91145e826b0a778422d2

  • SHA1

    8bbc9f4ff8a4e04afe41edb7287a9b2470864a42

  • SHA256

    08e7454e5ed4466e82e148134e179c3aaa1062ffb3448c1d7240dfa5c36c2371

  • SHA512

    8099169e868053f225742dbf855eafe76f0f81daf09726f166b561f79e01526f5438708dfac27c4168c3d3650869ffc260734ba90f6d2b5b11713f8274761b91

  • SSDEEP

    12582912:fZYcu+AIJEfIub4XU723Ko1cqB6rSfuzpk0gF+s9PkZnNmTxh4XpV:fucZA1HbF723Ko1vjuzT2n6Ab4r

Score
10/10

Malware Config

Targets

    Score
    10/10
    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks for any installed AV software in registry

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.