General
-
Target
fb12ff69d81b75634e8d16440e6e3a630bf4ccbb
-
Size
1.4MB
-
Sample
230201-p9z3badc78
-
MD5
6e5a788c4769930b873924f3ec758eb7
-
SHA1
fb12ff69d81b75634e8d16440e6e3a630bf4ccbb
-
SHA256
67cedcf3db2450ff9b924403912629c01eb69f4d4d9ba4b16a6ffcd80fb2ef0e
-
SHA512
04f77e5a63b568b08561954296d0f34d259054d1bcbe14d8e4d9a5dd30740a8d1e49a49516d90adb81bf17b3ade9cd3229863d611417ee95631c1675472e9012
-
SSDEEP
24576:ouJ6FV2EU4kgskPFCMUC3aM/OmMkcN+7AUeRNP8DxnmPqKZnYGtbOcQmo5oCiDNW:Q
Static task
static1
Behavioral task
behavioral1
Sample
fb12ff69d81b75634e8d16440e6e3a630bf4ccbb.rtf
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
fb12ff69d81b75634e8d16440e6e3a630bf4ccbb.rtf
Resource
win10v2004-20221111-en
Malware Config
Extracted
formbook
4.1
sk29
Targets
-
-
Target
fb12ff69d81b75634e8d16440e6e3a630bf4ccbb
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-