General
Target: Invoice 16-36-55.rar
Size: 633KB
Sample: 220930-kft7radhcr
MD5: fefa9766790499708464fa8109a7a811
SHA1: 5d0165ee039edcf97af4fc475d8d06a255348664
SHA256: 334390d9684d06ddf9cba6191fc5ae450c3c8bcc3f3b0b667a855779573a2020
SHA512: c7223adcc758550877edc365d5e642638eb96d8e0b8201756779feb444b038f6fc880d4e5c66610a7e807a04ad419a38c303b3fbb089d72e1fbf5b8eaf0ce7e9
SSDEEP: 12288:NEaQbPGIvFPkkq1Qsw6rrv5pYHHGWiBMKZsYgAJpa7nRzP32qIZQoO:NHYevk6Qx6JOHGW3KGTAD8RzZ0y
Static task
static1
Behavioral task
behavioral1
Sample
Invoice 16-36-55.exe
Resource
win7-20220812-en
Malware Config
Extracted
formbook
d6iz
cki3714.com
Targets
Target: Invoice 16-36-55.exe
Size: 918KB
MD5: c5b76d08e1571dfd19d3ab265ec85b2f
SHA1: e9efd2d3ed741511025c1f1b0f1eb1d97aab111d
SHA256: 10610b7b6275e7e957ad8992b94b7488d1d55ad72a169f1abc5410f10c717484
SHA512: bc99f126b422cf373af6f5851e7368471e0505e56a42f207a2d79b407fb3de95ebc1defe1ee0cfbaf46f09b3a514ebd45b3ca0195fdf0f8e2d94fc339138bd6a
SSDEEP: 12288:Rj9dHqkbfDk3OLqKGTSXzurVj0dEaVj6NAIZuH9lu08jexVbQLJKKmIjYUkt+pLk:RRhHUKGTSXzuBjVZNNelu0FCI

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Suspicious use of SetThreadContext