Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
764a3d3a0444a7bafb816a39624a5e2ae85c0465f5d13c63dd6fda04a35696de.exe
-
Size
865KB
-
Sample
220929-srbhsabcc7
-
MD5
6cec68a114c5819a40c4b2d5fcf842da
-
SHA1
96d986f3ee7b4e8df59868337621d282ece89474
-
SHA256
764a3d3a0444a7bafb816a39624a5e2ae85c0465f5d13c63dd6fda04a35696de
-
SHA512
58265c58039a514d7cd888c612a15ea1073ad209cf72627aa20b11f0a53351d42bf6a5a01860da5c22036e38fe17ec5f00d914f29992b9a062d7958556688341
-
SSDEEP
12288:+UxjsqTpr6h76xNUNpkUmVhzKMJBjUwkBrjXr5dsAjPJc:1pTlr6d6QTkpVJ9TYwoTs
Static task
static1
Behavioral task
behavioral1
Sample
764a3d3a0444a7bafb816a39624a5e2ae85c0465f5d13c63dd6fda04a35696de.exe
Resource
win7-20220901-en
Malware Config
Extracted
formbook
tbgn
72uabkWDao+ISa9+tnvd8g==
iHmPX6PZRe2+KUpH8bvyQ68=
DDZrOvw0IT/2cK9sgmSn5Q==
c9nixBxRvLxNBkHR/Q==
Ms/6ydhGJCsp8F8rmWeBMbg=
9vwtEc/074RPygwVx3vJk1Sj6nRnFQ==
3Xy/qN8agnyJQpliwmSqtMLvdQ==
4YelbYl+4fT6sSYguZ3Lhh+rSJQ=
3HSghdAThh2rZPMKqkifKesnqu9orLE=
zwA5DmqaB+VyYuw=
JcUFx6bdrcZbFjWu4rL4
IL7z2C5vtEdYBx/NAYE=
H4+ggrrmXwTFTain36T5
IBEn7UyPK8eER+id9w==
j7LfxdFDOWJlInsaWRhTRMXjLpByHw==
gBsrBXWAXWg9MqYDIug0G+l2k9gQ
432wiJgA7Ox7OsNDexmDtMLvdQ==
fJzoyChf4PQCtyIny2K6jQsBLpByHw==
gLTzwFJTKj3Pds0HC83YDd4h
EKPToXy2sdR1J4bau1KqkwsBLpByHw==
n0BLJ3KkDOVyYuw=
A5nPlJmHABzrW38NWw+DtMLvdQ==
9BxTH7Wokycy5DVybhhEnOdrqM5+Fw==
kkiWfLjpXvGqa2Ju2q7/
0wI+HeSwA5Yg2h9qB5Y=
2JDjt+sZjJhy7S7eS+ZDGu12k9gQ
KSlhQIJNKkzbgtgSBcPYDd4h
bGaca7bpTMpfFXZEznrCN/UgX4U=
rERwSU5CvdCcJ1WUYBVbELA=
gbfrtjlBGBxtZMT+
rqTKqjw1FOOqXb38
x+UL22apWOjw
5w5UNvkwIqFtZMT+
KM4F4yBLpDDBhALXT+NBqJHlYg==
hCSS+ziJPd7p
FEqZa7T/ZAP+SHk4khSFOgExiZw=
X9D94LP20PT+qe6UwVyxtMLvdQ==
GCw9FeUmJLfEcYcE/rX7
ln2PTmTMsAm3gcYO7rvyQ68=
l0NzQEeztM+UhhKb6qQHO8vkLpByHw==
Dy44GvArFjr+b5PVRdVRFLA=
AaLOqCMkCqBtZMT+
PGyohRQXB6BtZMT+
ES5YOkZRuMScVUzY/w==
HsTzufEym0EOdp2qameBMbg=
L8zs12RoSGMsIq4KC8jYDd4h
trjSqAOMsk8biq3c5o4ASxfBCxIc
+xdAIeYQ8BrbUUcSTASB7A==
i4W0n0+Fl14wrg==
udv20NPJH7hA+n9wHa8B/pCg6nRnFQ==
YARZLjhJpUdC/GCwo1vOyEB2k9gQ
UnykcAIQCqptZMT+
bYKQUSJsj2IlpA==
b2Z2WuxhssuJCCaegmSn5Q==
1PQk7bDq2fC9uDmIeAEThgw6d55xFw==
kByfCP0oExxtZMT+
UabfuasX8/7SsjR59ZDQ+axsfQ==
5IObbHdquEbbhtehM+dbAtjwLpByHw==
mhwp/B8igSLkbrcK8LvyQ68=
wu8D4fx4l14wrg==
hfQP4/DqY3hO1jQGkWSqtMLvdQ==
xrDDq3GypdOPftZP+ZA=
zJvbrzWoDaptZMT+
S/gx/Av8UfHCvFIyd2bBg1zqws4J
atm.promo
Targets
-
-
Target
764a3d3a0444a7bafb816a39624a5e2ae85c0465f5d13c63dd6fda04a35696de.exe
-
Size
865KB
-
MD5
6cec68a114c5819a40c4b2d5fcf842da
-
SHA1
96d986f3ee7b4e8df59868337621d282ece89474
-
SHA256
764a3d3a0444a7bafb816a39624a5e2ae85c0465f5d13c63dd6fda04a35696de
-
SHA512
58265c58039a514d7cd888c612a15ea1073ad209cf72627aa20b11f0a53351d42bf6a5a01860da5c22036e38fe17ec5f00d914f29992b9a062d7958556688341
-
SSDEEP
12288:+UxjsqTpr6h76xNUNpkUmVhzKMJBjUwkBrjXr5dsAjPJc:1pTlr6d6QTkpVJ9TYwoTs
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-