General
- Target: NEW_ORDER_00041221.EXE.exe
- Size: 6KB
- Sample: 221007-sqrtdachhm
- MD5: 78715a3a620e1f4b1937a1bd7e764e57
- SHA1: 0b67de4eaccbfe16d41bedc538b2a64bffaecbb0
- SHA256: 37ad2a3bfe4e60fb4ad6f9edf3bd25602ebdbacf2ce429e96c3ec7b4213090e2
- SHA512: b55a095194d506bd111fe9d93440ee97be0f9418256e839ee3ce892af1206711402c493bdbeca021d4187433c0f080febfa44451e03737c3ddf6f0b6c9ccd91a
- SSDEEP: 96:x+UKECqBC+bbhb4Lp5zV6ur8y2LnfoYYMxaDzNt:xgwHhcLp1V6ur+LfoYY5F
Static task: static1
Behavioral task: behavioral1
- Sample: NEW_ORDER_00041221.EXE.exe
- Resource: win7-20220812-en
Malware Config
Extracted
formbook
gski
Targets
- Target: NEW_ORDER_00041221.EXE.exe
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext