General
Target: fd498a1be2c83df884266ad732f7a3c4.exe
Size: 304KB
Sample: 230301-xjmnashc2s
MD5: fd498a1be2c83df884266ad732f7a3c4
SHA1: d75f3be9a3ab927ede5e4953a28c99e6b2584cec
SHA256: d79d4f61a8ac7e72f4b51fd872317a7d9feb84a46e47bebd09eb60c8a34ec057
SHA512: b1280bce16fb24c3b042eb391faf846da9cf3409ca6ac21d1f584b14c1f9737b7e7cf1fecf47b8ed49ab26df1f53af69972806a5656d7ae10adaa70005a93772
SSDEEP: 6144:AYa6o14m7yrnRJFJ65+ITi8iUDQ8WjPPznEZK96pEapfXBHFK:AY2GRsQITWPnEZo6pXpPNk
Static task: static1
Behavioral task: behavioral1
Sample: fd498a1be2c83df884266ad732f7a3c4.exe
Resource: win7-20230220-en
Malware Config
Extracted
formbook
4.1
b07o
Targets
Target: fd498a1be2c83df884266ad732f7a3c4.exe
Formbook payload
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext