Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

quote-THP1...20.exe

windows7_x64

10

quote-THP1...20.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    quote-THP1403 080620.exe

  • Size

    456KB

  • Sample

    200707-ta5yekz8cx

  • MD5

    04e9512a58cc579f1a304cf851c26953

  • SHA1

    11abbf143e53cc33fd9f3faaafcd405d1554c3ab

  • SHA256

    c327cc4c54ba20e649ab27c83ea7d5fcf2a596ae3f9feb50b2f5d550bcb71bf8

  • SHA512

    89bc87c2289b3dc9ed2aef97ce3a44634c60d0f8fb842691fa7c1a2ec6a184fad7ab345d8d5fd673f4e283e6e3774f6d5ee8522abb29e9aba4d2c29f0f80967f

Score
10/10
formbookpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      quote-THP1403 080620.exe

    • Size

      456KB

    • MD5

      04e9512a58cc579f1a304cf851c26953

    • SHA1

      11abbf143e53cc33fd9f3faaafcd405d1554c3ab

    • SHA256

      c327cc4c54ba20e649ab27c83ea7d5fcf2a596ae3f9feb50b2f5d550bcb71bf8

    • SHA512

      89bc87c2289b3dc9ed2aef97ce3a44634c60d0f8fb842691fa7c1a2ec6a184fad7ab345d8d5fd673f4e283e6e3774f6d5ee8522abb29e9aba4d2c29f0f80967f

    Score
    10/10
    spywaretrojanstealerformbookpersistence

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Adds Run entry to policy start application

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Adds Run entry to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks