Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

stud.exe

windows7_x64

10

stud.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    stud.exe

  • Size

    755KB

  • Sample

    200707-z4wezf83c6

  • MD5

    6044900d66376321ad6f237d1b465ecc

  • SHA1

    0147db0583256b648680a54573b288f9167cca67

  • SHA256

    9099123ab27c467c09e2483339756820e29e6d8cd3d0346305d3873902e4af65

  • SHA512

    03fdca6dfdccc2a17abbfb42adfb5a89a5e2a32b9929efde0689da17967db406dd55f057162d2324605254c354130c8b73077fa9bc4bf23053878ffc5f239076

Score
10/10
formbookevasionpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      stud.exe

    • Size

      755KB

    • MD5

      6044900d66376321ad6f237d1b465ecc

    • SHA1

      0147db0583256b648680a54573b288f9167cca67

    • SHA256

      9099123ab27c467c09e2483339756820e29e6d8cd3d0346305d3873902e4af65

    • SHA512

      03fdca6dfdccc2a17abbfb42adfb5a89a5e2a32b9929efde0689da17967db406dd55f057162d2324605254c354130c8b73077fa9bc4bf23053878ffc5f239076

    Score
    10/10
    spywareevasiontrojanstealerformbookpersistence

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Adds Run entry to policy start application

      persistence

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks