General
Target: New Order.rar
Size: 702KB
Sample: 230209-qhz4nsdb6z
MD5: ccbb2ec496eb0b22ab4b9ddb3d1a59ed
SHA1: 76ea403c4186849291174e0caa3457f97502ca4a
SHA256: c468a9183ecc42f934c38fecb1b02c1944aa4aa3acd39a920ec8e14f5443872f
SHA512: 6fec7130370edaace6dfab6443f87ea01e297b37f446754dbaa2f216a0453f903a06215129549a0bb946e22dd60312d5c10b8902b24e45dc364b5c7ed4083c12
SSDEEP: 12288:4Ql8EXJpl0m/MQ2O3sH880Ow0+vtAD3Nnqoq4KmmsJCHBXx5h/FvwCjACriIALvH:4bEXJpHMQ2OS7WntAD3NqJbmmAC1x5h+
Static task: static1
Behavioral task: behavioral1
Sample: New Order.exe
Resource: win7-20220812-en
Malware Config
Extracted
formbook
4.1
d03s
Targets
Target: New Order.exe
Size: 856KB
MD5: 7d8cdf3c58c00c596080b3f50f090ab5
SHA1: 558c0dd0071f4875d7f74a19106ff06774ac30b9
SHA256: c9caca736c11e851b592f24322879f830096ef056283ab000c73fea48642278b
SHA512: 273e806c9463f844d60e861e454d48e6bd9adc0a552c476485d61acf89a3669b22986d404d7f9d89791f7cf4eb5b149acbdeaca14b8164b523cf62ffa8d5424e
SSDEEP: 24576:MHCtn9BoO/NtSQlQXDAlfSX6wnj+V9ClyTS666jDgs1b5/:z9KEpwzG8Lz6vgsD
Formbook payload
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext