Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
337bdd724065979e7e924c00ce530a2f20d51aca123e59bff34ab6e434e574f2
-
Size
105KB
-
Sample
221201-fw1x1sgc64
-
MD5
7de0574716e70d50a85b4861d9144cd1
-
SHA1
c3d95c99a529f55d0358c847c773081d321e54fc
-
SHA256
337bdd724065979e7e924c00ce530a2f20d51aca123e59bff34ab6e434e574f2
-
SHA512
5beb7a79264e69e0b481f7f53c157350ac707f51cca7689464a2a5ad06f3fd72c981647c6af83ca996ec60d1841734f987eeb113442ecb0d89799640974682e8
-
SSDEEP
3072:WKKJ7rL659FUk0TaHoBU4lyOferrWcJbK+srqGBWooXmLmBIr:1WrL65/EKoVVGrf9srqGsoQmLmBO
Static task
static1
Behavioral task
behavioral1
Sample
337bdd724065979e7e924c00ce530a2f20d51aca123e59bff34ab6e434e574f2.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
337bdd724065979e7e924c00ce530a2f20d51aca123e59bff34ab6e434e574f2.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
pony
http://paralysiesfaciale.com:8080/forum/viewtopic.php
http://paralysiesfaciales.com:8080/forum/viewtopic.php
http://shop.smsmpi.com:8080/forum/viewtopic.php
http://smsmpi.com:8080/forum/viewtopic.php
-
payload_url
http://kerrybrunson.com/dvF.exe
http://www.nause.com/LjRjU.exe
http://dackle.com/pM7v93.exe
Targets
-
-
Target
337bdd724065979e7e924c00ce530a2f20d51aca123e59bff34ab6e434e574f2
-
Size
105KB
-
MD5
7de0574716e70d50a85b4861d9144cd1
-
SHA1
c3d95c99a529f55d0358c847c773081d321e54fc
-
SHA256
337bdd724065979e7e924c00ce530a2f20d51aca123e59bff34ab6e434e574f2
-
SHA512
5beb7a79264e69e0b481f7f53c157350ac707f51cca7689464a2a5ad06f3fd72c981647c6af83ca996ec60d1841734f987eeb113442ecb0d89799640974682e8
-
SSDEEP
3072:WKKJ7rL659FUk0TaHoBU4lyOferrWcJbK+srqGBWooXmLmBIr:1WrL65/EKoVVGrf9srqGsoQmLmBO
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-