Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Purchase order.exe

windows7-x64

7

Purchase order.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    mkhg_Purchase order.pdf.gz

  • Size

    227KB

  • Sample

    231011-ywvp4scb79

  • MD5

    de0ae3f99f1ff47343fa71aa67fdd7fd

  • SHA1

    aa84868e0ba497aab9e8c07088612849b0462552

  • SHA256

    8df9e7e9a0a6fdd7ab096d0d36f19be68982b346017317f0177488ca0534b683

  • SHA512

    b0f38a6383c85cab22fd85550e55b69e1fc89ae44e2dc3e3cda9146e80c509bbd19516f1a335427bec6d6e491c114359c82d0f7c05c90c441ee431be7d4baf5a

  • SSDEEP

    6144:yL9KgBtiZe9933jf1yu5BR523zT8PZVTyA:yL9lBt2e9R3jty42DAxH

Score
7/10
spywarestealer

Malware Config

Targets

    • Target

      Purchase order.exe

    • Size

      243KB

    • MD5

      2f8ab32cd008d8f7b8c59b4257acc417

    • SHA1

      2b0673eff53c58e036ca0fa270322fd5a9421b34

    • SHA256

      e9ae7232b9f8f855f4a1b5ab446c3b76a0d79493ae22e690b7e449fd9281f6df

    • SHA512

      969fb9e4074d5107863342a2d67181934b748889d9410f9741b937b514ed30a32c7b4c7b811fd32c57630fa94641ca1e86c0615a82b5af6d7d958ee368395654

    • SSDEEP

      6144:LnPdudwD8uaRyfusWm/VAfoxJ8N3mPxielGxpM:LnPdAuaEfia2uU3WxieoxpM

    Score
    7/10
    spywarestealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks