Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

payment invoice.exe

windows7_x64

10

payment invoice.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    payment invoice.exe

  • Size

    179KB

  • Sample

    200707-ah3h2tcajj

  • MD5

    3b2135422ad7974f674d9e3afffa04e7

  • SHA1

    e8a7ab8aea4ba52a5af377e4e77c983d9be2db7a

  • SHA256

    a361c3ef57783d4012857a289d088c19682187bb0b6f15eabb73865d1d54e180

  • SHA512

    c708e169d34d54fa0fb104d553b967c7748ab31602c622c96f880916af36d53a493e6aeef55b9e6aa0e4450487b1089c85af037fb6fb9af73936e05931f2e3c6

Score
10/10
formbookevasionpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      payment invoice.exe

    • Size

      179KB

    • MD5

      3b2135422ad7974f674d9e3afffa04e7

    • SHA1

      e8a7ab8aea4ba52a5af377e4e77c983d9be2db7a

    • SHA256

      a361c3ef57783d4012857a289d088c19682187bb0b6f15eabb73865d1d54e180

    • SHA512

      c708e169d34d54fa0fb104d553b967c7748ab31602c622c96f880916af36d53a493e6aeef55b9e6aa0e4450487b1089c85af037fb6fb9af73936e05931f2e3c6

    Score
    10/10
    persistencespywareevasiontrojanstealerformbook

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Adds Run entry to policy start application

      persistence

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Adds Run entry to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks