Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
PAYMENT COPY.zip
-
Size
830KB
-
Sample
220930-rnewcsefgp
-
MD5
7f0c1b7a21fad519b2087903cf24bf06
-
SHA1
f1062361f1abbf2dab1ba248687a26d2484b28f9
-
SHA256
438153728a6eb77664398020d884c6eb1fd74f39116090b502b39c2116765f20
-
SHA512
5ef46f3ef42b37dfc58ee4e65b4d56795ccdd3d352ad0e60d2596253e95c75b3d08a4748713d09201e49d9583f8f53d254e12d4d216e2962a1ac5604c3fd6bae
-
SSDEEP
12288:sVW9+/2iLFTG7KwG+ve6AWzGMhGY75bp1he8n/PIGSBDs4X8XTM7tpDMYnpc0jIH:sL/1xi7KwG+vPquGYHy8nIi4MgBjIWIl
Static task
static1
Behavioral task
behavioral1
Sample
PAYMENT COPY.exe
Resource
win7-20220812-en
Malware Config
Extracted
formbook
uymo
A4J+j1lFUiMbPgQD0uzpdg==
F3lajp/JwxgpzPZ3bf9zrK0EzWDU/JY=
bOCwjfx/jOF4Las6GFv7+tQ=
9BDZHgUVSa1ypSWjNcPR
S9u+wp+ai+yEW4OWIQ==
wXxiP8BRWDG2JiTw5XA=
VeumNjNg3QeL/qtw
KYxbMI9RU7eqPpEYg1v7+tQ=
zwfU2Vv4NxXzDLy1IWFrDo3iqOoV1KB3
0XQ3wM3oGntH+iTw5XA=
nx7p2XIfYkHv9+Uu+VKx3l41j3mS454=
+BIOmtNni5xbAo5VEZFYQFAw
tkQa0SXOEjV/0yTw5XA=
YOLHv42Us4eMrHCod80dYluXJzNn
HZdsbBNsdAvOq+cr4CaIfg==
YlQ/0dwFQYtd+DXIxzKUlO8kBc9C9A==
mCL+zS69yZ9DyvVMC4399tE/Xk0V1KB3
+tXLkwCl2LyCqaNnalv7+tQ=
yPzM2bjLKPyixsjWSoWe9NI=
KQPQVL5puBHigv/RmyAU0ExD4GDU/JY=
JvKyLYsRMI2eQH4OQrebYQ==
HvrKKC9HQdKSW4OWIQ==
p9Sx6ie6rYwuxDm5sQbZ
UaaHyOMC+VT0Q3/1g82zLvwXcl1+
66h/Ay3OGvu/EiTw5XA=
PXw/UO+Fm7Bx5SWEL6cRC5YvSwRwCsN/
Q0EktsDXF4M+v+O5jgzO
x9Kw+8TDzSQYyA9uGFpUp06Ywg==
ZLBtbv+o8Pfz3kbXRID+Bs2RKmr1Y04b5A==
Osy8wKGdt5mXpm52/Flbp06Ywg==
a/i5N40UXcn0GNTLR1rmrvkALU0=
KR/wD+0NEqt/W4OWIQ==
2IRS4je8+cSuTIMUEFv7+tQ=
G3pJUeaZF+49W4OWIQ==
cx7olwCt/6K97JpoDHow8EvAl+dw
K6Jc4l8WqbXE
mYFozKXUK7zUgdNTV93qhvE4
BW9RWSo1MY8tRjFxN5Htp06Ywg==
hc+pu5Suqw8QnZmuhctYQFAw
sFAJl/t7tBhCaSe5sQbZ
MG1EEShq9h/ae+c=
1ibC9F5Npwk=
68qwb3sWqbXE
/PjVVbxRrjMwW4OWIQ==
Rsy3gq6/sg==
i5tqtbri2SfQBQ1KElv7+tQ=
eKiFlF5eqbaL/qtw
9q6BF270EWZsBy91cLQWC9Y=
ExLkJvn7EKVudy65sQbZ
TgDl2cXOEr2kLiTw5XA=
c93K2KWlHs9W8STw5XA=
BY6GjF6ClSTg7OO5jgzO
TX5lkGNnpv/R9A==
hOKqhe2K0sB4XAgC0uzpdg==
njAAwivU9M1kwnwLfFv7+tQ=
tuCt6svLyxcDrfhHQrebYQ==
YgFhX0yTVL5EuO8=
BE4kVDdOjvOjDi56Klv7+tQ=
Lr6Qa81hdlH6qzm5sQbZ
RJ92hwuPn3oQqi65sQbZ
C1EcGPQnM5EvQzBwKVv7+tQ=
hO7e83wwjpdAyQF46fGqKv0Xcl1+
4cuR28DW6bUyJdWnW+XtlpmciXEj7Q==
skDwJ+vzKjvc/g==
cdrhdl.com
Targets
-
-
Target
PAYMENT COPY.exe
-
Size
1.0MB
-
MD5
40b8041f55f40b2975deb791cdd40f17
-
SHA1
c0a57f918bbdd09d69e2fb380ccea7cc69e65ba8
-
SHA256
9a5edc79c2643926c35c6e83248b6c196c5cd081f74b3b689ae9f02be6b18369
-
SHA512
f3f0cbb4bd3515caeaad79f99e050445e02a6678ecc679206dca1c7b701785fd65086e10e7eedf4ed55a3196f8a2995961b92a7ae1bcab93bf71b11f2ac4f995
-
SSDEEP
24576:iqJo1MNiwGovlW0G4lA0PsUCiyfTwWQn:iqiKlbfPbCiy7w
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-