b9a83fd92044028d1dd0264b972c95c2cb7564e8bbf480b245c8bf28a1dcb51e

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

TotalAV_Setup.exe

windows7-x64

TotalAV_Setup.exe

windows10-2004-x64

$APPDATA/T...te.exe

windows7-x64

$APPDATA/T...te.exe

windows10-2004-x64

$APPDATA/T...io.dll

windows7-x64

$APPDATA/T...io.dll

windows10-2004-x64

$APPDATA/T...lt.sys

windows7-x64

$APPDATA/T...lt.sys

windows10-2004-x64

$APPDATA/T...bb.sys

windows7-x64

$APPDATA/T...bb.sys

windows10-2004-x64

$APPDATA/T...gr.sys

windows7-x64

$APPDATA/T...gr.sys

windows10-2004-x64

$APPDATA/T...io.dll

windows7-x64

$APPDATA/T...io.dll

windows10-2004-x64

$APPDATA/T...lt.sys

windows10-2004-x64

$APPDATA/T...bb.sys

windows10-2004-x64

$APPDATA/T...gr.sys

windows10-2004-x64

$APPDATA/T...io.dll

windows7-x64

$APPDATA/T...io.dll

windows10-2004-x64

$APPDATA/T...lt.sys

windows7-x64

$APPDATA/T...lt.sys

windows10-2004-x64

$APPDATA/T...bb.sys

windows7-x64

$APPDATA/T...bb.sys

windows10-2004-x64

$APPDATA/T...gr.sys

windows7-x64

$APPDATA/T...gr.sys

windows10-2004-x64

$APPDATA/T...io.dll

windows7-x64

$APPDATA/T...io.dll

windows10-2004-x64

$APPDATA/T...lt.sys

windows10-2004-x64

Microsoft....cs.dll

windows7-x64

Microsoft....cs.dll

windows10-2004-x64

Microsoft....es.dll

windows7-x64

Microsoft....es.dll

windows10-2004-x64

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 00:35 UTC

Sharing

Copy URL

Twitter E-mail

Static task

static1

upx blackguard

5 signatures

Behavioral task

behavioral1

Sample

TotalAV_Setup.exe

Resource

win7-20240221-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

TotalAV_Setup.exe

Resource

win10v2004-20231215-en

discovery persistence spyware stealer upx

windows10-2004-x64

27 signatures

150 seconds

Behavioral task

behavioral3

Sample

$APPDATA/TotalAV/updates/SAVAPI 11.0.1/avupdate.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

$APPDATA/TotalAV/updates/SAVAPI 11.0.1/avupdate.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

$APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win7/avgio.dll

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral6

Sample

$APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win7/avgio.dll

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral7

Sample

$APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win7/avgntflt.sys

Resource

win7-20231129-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

$APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win7/avgntflt.sys

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

$APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win7/avipbb.sys

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

$APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win7/avipbb.sys

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

$APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win7/avkmgr.sys

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

$APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win7/avkmgr.sys

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

$APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win8/avgio.dll

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral14

Sample

$APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win8/avgio.dll

Resource

win10v2004-20231215-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral15

Sample

$APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win8/avgntflt.sys

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

$APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win8/avipbb.sys

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

$APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win8/avkmgr.sys

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral18

Sample

$APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win7/avgio.dll

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral19

Sample

$APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win7/avgio.dll

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral20

Sample

$APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win7/avgntflt.sys

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

$APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win7/avgntflt.sys

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

$APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win7/avipbb.sys

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

$APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win7/avipbb.sys

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

$APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win7/avkmgr.sys

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

$APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win7/avkmgr.sys

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

$APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win8/avgio.dll

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral27

Sample

$APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win8/avgio.dll

Resource

win10v2004-20231215-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral28

Sample

$APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win8/avgntflt.sys

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral29

Sample

Microsoft.AppCenter.Analytics.dll

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral30

Sample

Microsoft.AppCenter.Analytics.dll

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral31

Sample

Microsoft.AppCenter.Crashes.dll

Resource

win7-20240220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

Microsoft.AppCenter.Crashes.dll

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Report Analysis Logs

General

Target

$APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win7/avgntflt.sys
Size

152KB
MD5

6b60c0a7fdbabe955a183ae3b524d543
SHA1

be68e043fb0f6e0ca745b8361924ad0869bf2bb9
SHA256

33d6cc050cefb737b70431c7e493a0d7b7f5ae7546d36fd24a5d4b1ebf29d307
SHA512

040ecbb33bbba5bba6206cee7717cff01fc8d3436762a4f2af6647cd9f02b31d48538ebc0d91b627fd0f9324375544905c2e09e4040c55b3642480e683f73df9
SSDEEP

3072:3dxo0Wbd5kOx92/nQdp2kRaZE/I+j8CR/ehwdwTe6vuypGe08Uxb24lOPy:3dxo0Wbd5pJ/I88CR/p6vAnA4e

Score

1^/10

Malware Config

Signatures

Processes

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\$APPDATA\TotalAV\updates\SAVAPI 11.0.1\on_access\win32\win7\avgntflt.sys"
1⤵
PID:1276
- C:\Users\Admin\AppData\Local\Temp\$APPDATA\TotalAV\updates\SAVAPI 11.0.1\on_access\win32\win7\avgntflt.sys
  "C:\Users\Admin\AppData\Local\Temp\$APPDATA\TotalAV\updates\SAVAPI 11.0.1\on_access\win32\win7\avgntflt.sys"
  2⤵
  PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2992-0-0x0000000000010000-0x000000000003C000-memory.dmp

Filesize
176KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.