Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

Swift Copy #09765.exe

windows7_x64

10

Swift Copy #09765.exe

windows10_x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Swift Copy #09765.exe

  • Size

    690KB

  • Sample

    200708-8ja2t1vtl6

  • MD5

    f3b1bf9839a7f65a913e8298bb9ded82

  • SHA1

    c1b180b445500bbfbec473409683fb150afea3a2

  • SHA256

    ea9d8c28e623cbabc1407aa3da7a681adb93ef3e758fe31aaf664ff3998cddb5

  • SHA512

    ce230ee76f1cce30226df6a5f15e7f807638a7e356e44cc17bb60aac84630975b2ce516f129e8addb0483ae72be5991ab9c495f3f18be97a913a46b57dbfb0d4

Score
10/10
formbookevasionpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      Swift Copy #09765.exe

    • Size

      690KB

    • MD5

      f3b1bf9839a7f65a913e8298bb9ded82

    • SHA1

      c1b180b445500bbfbec473409683fb150afea3a2

    • SHA256

      ea9d8c28e623cbabc1407aa3da7a681adb93ef3e758fe31aaf664ff3998cddb5

    • SHA512

      ce230ee76f1cce30226df6a5f15e7f807638a7e356e44cc17bb60aac84630975b2ce516f129e8addb0483ae72be5991ab9c495f3f18be97a913a46b57dbfb0d4

    Score
    10/10
    evasiontrojanspywarestealerformbookpersistence

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Adds Run entry to policy start application

      persistence

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks