General
-
Target
USD92.15.exe
-
Size
997KB
-
Sample
220916-j7afzsaghj
-
MD5
7b711b729b01c38bbbed5ee08ef88347
-
SHA1
45c70d807a9b741aec980b559ebec0c79a4cd1a0
-
SHA256
6bf5a3809ca423061cb16a815ca5e5f3ba86d6c7fbf5233fd68b589012eae0ab
-
SHA512
b94950da81e664bb2248411c39adb748f2042cad9e03ed4c212913e1b6e861d99e174b39e90084eaeeeaae6e067af7fd164ecf20d2f115a0ae77ffa9156f4581
-
SSDEEP
12288:vJ6ShV7uikFgEeYeFav5bq5/wA9IVBrFPVgIBzcJtNv2j:h9hlubgSeFOb6/6frFPVXBzcRI
Static task
static1
Behavioral task
behavioral1
Sample
USD92.15.exe
Resource
win7-20220812-en
Malware Config
Extracted
formbook
ejgp
naik138rtp.com
Targets
-
-
Target
USD92.15.exe
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-