General
-
Target
aa05023887117e6f52dce6ae40dcab9d.exe
-
Size
272KB
-
Sample
230213-tk7s3sdg41
-
MD5
aa05023887117e6f52dce6ae40dcab9d
-
SHA1
3f6c3e8cc656a436be4ddbc248432e48dcd8aa0d
-
SHA256
6c3654d20a676bf9b7f77546e23bfb3a7d2d23f1d535d0feced966a22ece5d60
-
SHA512
329d06ab016a9413e5320170d1ede46dc50d3a4aea13efc600919858e8100ff3b56b8934f0815a4f3cfed45e7641488f9768b6635c03504ba958194287584362
-
SSDEEP
6144:BYa6q6/iwjO/07RXNHT0uZ0w+5IoujNbjcgTAgqZ6VOmA+:BYcKji079BV0/IVNbQgMkw+
Static task
static1
Behavioral task
behavioral1
Sample
aa05023887117e6f52dce6ae40dcab9d.exe
Resource
win7-20220812-en
Malware Config
Extracted
formbook
4.1
sk29
Targets
-
-
Target
aa05023887117e6f52dce6ae40dcab9d.exe
-
Formbook payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-