96e4c92dd586df836098dee4a6abf5c12d049644b26b823ce7f61e9059cf15a9 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

avast_one_...us.exe

windows10-2004-x64

8

Resubmissions

11/06/2023, 15:30

230611-sxqvnahd44 10

11/06/2023, 15:14

230611-smb9hsaa6t 8

Sharing

General

Target

avast_one_free_antivirus.exe
Size

257KB
Sample

230611-smb9hsaa6t
MD5

80f58d6ef4b70c919ad7ac78f8dfb521
SHA1

741a937ad4df1922ee99b2d40ad68664ef29356d
SHA256

96e4c92dd586df836098dee4a6abf5c12d049644b26b823ce7f61e9059cf15a9
SHA512

107f1806a9a1603c2e545ba41895baf60954748f09a39bd9a28ee71c7a97f693feffcee123063c02ed7d4173cdbc5cfdb41c1081be51d28989d995b0e8543cab
SSDEEP

3072:V2RaiKg4xmUh1WXHqw/l+qmOELhakVsm3mxB32tLEv8zfdn5f2dZLCozOhh1n+Tt:V0KgGwHqwOOELha+sm2D2+UhngueC

Score

8^/10

bootkit discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

avast_one_free_antivirus.exe

Resource

win10v2004-20230220-de

bootkit discovery persistence

windows10-2004-x64

29 signatures

150 seconds

Malware Config

Targets

- Target
  
  avast_one_free_antivirus.exe
- Size
  
  257KB
- MD5
  
  80f58d6ef4b70c919ad7ac78f8dfb521
- SHA1
  
  741a937ad4df1922ee99b2d40ad68664ef29356d
- SHA256
  
  96e4c92dd586df836098dee4a6abf5c12d049644b26b823ce7f61e9059cf15a9
- SHA512
  
  107f1806a9a1603c2e545ba41895baf60954748f09a39bd9a28ee71c7a97f693feffcee123063c02ed7d4173cdbc5cfdb41c1081be51d28989d995b0e8543cab
- SSDEEP
  
  3072:V2RaiKg4xmUh1WXHqw/l+qmOELhakVsm3mxB32tLEv8zfdn5f2dZLCozOhh1n+Tt:V0KgGwHqwOOELha+sm2D2+UhngueC
Score

8^/10

bootkit discovery persistence
- Downloads MZ/PE file
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Uses Session Manager for persistence
  Creates Session Manager registry key to run executable early in system boot.
  persistence
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistence

© 2018-2025

Terms | Privacy