General
Target: SecuriteInfo.com.Win32.PWSX-gen.1463.exe
Size: 1.1MB
Sample: 220908-m3dvdsbegk
MD5: 0ce09a0d9e6f501f9b4839058a712ef6
SHA1: de969216ac3b44862c490f0d8e74911fe36915e0
SHA256: 68ecb3a0784bbfd4ac9f3d1c76cfc09cff02b4298839e2e1b293e9ef8833b265
SHA512: b63d3616ece35dbe634558a79d7d6cacc1b5d237288b440aa1f9e0e78c73f9cc1875e590dfed4269cb0b1ae41f982e388d9da0563a752371d33da83ff5745843
SSDEEP: 12288:2qDhBzE3BExvIGnv9friMBm2pIsVMspKeUlP4ysY/LC+kobWX6GeakXwM:lcREqGFfri63K1sY/LoqWX6F7f
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Win32.PWSX-gen.1463.exe
Resource: win7-20220812-en
Malware Config
Extracted
formbook
4.1
s92n
Targets
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-