Analysis

  • max time kernel
    120s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system
  • submitted
    11/10/2023, 07:04

General

  • Target

    Kaspersky.exe

  • Size

    2.6MB

  • MD5

    0467201ff1aae37c80eb2bf52b541b6b

  • SHA1

    57f5344de3308df34ab8cb7a889ff05a64cc073d

  • SHA256

    8d1910480aff8d306b3e568b72bd0951bffec4cc86f37a9ab3a6ec1291b4d4fa

  • SHA512

    85b54dd6ce4b6bd1043c897d0498c5ad0cef5a7b915a578d383bed393bcaa296dd5d98c5ecaaae00440f09ce5d62261ee06824cfe420c05650f905359d8be1e4

  • SSDEEP

    49152:SX+4sQ/nN9T8JAGqyx4i8aQEWy1kexnGS4dWGeWyA/0:i+zQnNoqyXbWeGS1UyAM

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Loads dropped DLL (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Kaspersky.exe
    "C:\Users\Admin\AppData\Local\Temp\Kaspersky.exe"
    • Writes to the Master Boot Record (MBR)
    • Loads dropped DLL
    PID:2052

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\qmdr\dr.dll

    Filesize

    73KB

    MD5

    4f53e6f3881ff3e1ee1cc0dc0561410f

    SHA1

    31388b4d64164eaa5b79ee30bf22840f6b5955a2

    SHA256

    967bfd76354486919fd252a8bcb3d787af495a0a58bfb8a216b3776cdc2dfc43

    SHA512

    a652d85e36143e45bafc105f7f385b1dfa25cc83d7bb1c2b167999ec95f4dd27fc43ea91e14abc26f78395a202159807dbfd85394b30061b64fea285aab64921

  • memory/2052-3-0x0000000000250000-0x0000000000251000-memory.dmp

    Filesize

    4KB

  • memory/2052-4-0x0000000000250000-0x0000000000251000-memory.dmp

    Filesize

    4KB