General
Target: file.exe
Size: 296KB
Sample: 230209-p2cl2scd8t
MD5: 1d920aa56457a163c9ede013081ae820
SHA1: 9e9ed8cf1341aaba3c6e32609a3780dff407a2ce
SHA256: 3d269d34d687979b0d73960f880ef5eaf5cd4bf4b90129ce5d6c0c5f8ec58995
SHA512: f2e25d3656575e418a89642d4828ae15f04bb74e310c562cd3190bebf7dcf5b4104a4b81b20ba1825d4a3097234dafb1c1276c2cbee5ed00da69e4feaab8cbc2
SSDEEP: 6144:/Ya60IJrcLmPyG1twMNr1GX1Iius7CCeEhMNUPLegtfSdtyQ:/YaIeOyG/slB7CCPQULid0Q
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220901-en
Malware Config
Extracted
formbook
4.1
re29
Targets
Formbook payload
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext