Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

quotation ...df.exe

windows7_x64

10

quotation ...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    quotation List #039.pdf.exe

  • Size

    325KB

  • Sample

    200710-emksb34y66

  • MD5

    2b1b6a99d9427ced3bcaaf141dd36b34

  • SHA1

    43e55e4c97dd72e3186e1849242f3cd62d991bd6

  • SHA256

    36f76be816898a8ac90603edeed2ff90983d062f047f6e00c66d54964c582cc8

  • SHA512

    1b73afad027bf565e0e4007ee5c6d0cd5b2420182c4de7179dcef7f7f91789aabab8a2b4efd17a5cd50432c3598ced5058130104daa57d9f0f8b71c4fd41b1fa

Score
10/10
formbookevasionpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      quotation List #039.pdf.exe

    • Size

      325KB

    • MD5

      2b1b6a99d9427ced3bcaaf141dd36b34

    • SHA1

      43e55e4c97dd72e3186e1849242f3cd62d991bd6

    • SHA256

      36f76be816898a8ac90603edeed2ff90983d062f047f6e00c66d54964c582cc8

    • SHA512

      1b73afad027bf565e0e4007ee5c6d0cd5b2420182c4de7179dcef7f7f91789aabab8a2b4efd17a5cd50432c3598ced5058130104daa57d9f0f8b71c4fd41b1fa

    Score
    10/10
    spywareevasiontrojanstealerformbookpersistence

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Adds Run entry to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks