General
Target: d67bc9de761645c9aa4b5669cd355f2fecde8b4e9b22f64f327f282754742031.zip
Size: 343KB
Sample: 230308-qgjejaed58
MD5: 090e3b31ae2b205213ee59d73e5d3afe
SHA1: 562ac82badd1cd99c0934ae2a0913694db807266
SHA256: 38dbb7d9a2c526dcee3f3e75a846223cd505e544f69647cf02394cd41d2503f5
SHA512: 2e38757d2002323e8e729d3bfe789bf2a2ea2c726e4d579cc69602f37ed005191542a467b0919f060f2199d008e8ce4dcc90a20a056204eb1edfa20daf8e48ae
SSDEEP: 6144:SPBh17JIz4PyZzp7LbMfUiXYgW4GtZ6UWzZVJDdSsa91pxtQ99swWCD1nadD:s3AuyZzp7Lo8iaCUQ/cbpxOswpox

Static task: static1

Behavioral task: behavioral1
Sample: d67bc9de761645c9aa4b5669cd355f2fecde8b4e9b22f64f327f282754742031.exe
Resource: win7-20230220-en

Malware Config
Extracted
formbook
4.1
vr21

Targets
Target: d67bc9de761645c9aa4b5669cd355f2fecde8b4e9b22f64f327f282754742031.exe
Size: 356KB
MD5: 89638fe1a25c80932d9e4cb30238e194
SHA1: 39e2ba0f53784ba65b1c5c33c7629447944390d0
SHA256: d67bc9de761645c9aa4b5669cd355f2fecde8b4e9b22f64f327f282754742031
SHA512: d2c8474b02dbab013bb1924826c27e04e32ac260a58ccc925624c65411628ba252992f9e7fdd931a961b18a75d0cb54289e14a36dda708a4ae7cb2d28719b801
SSDEEP: 6144:/Ya6QPTmatecxGcFxZci7zQiJtMCnTiyaaMvJZEFST/WxHNQow:/YePTmat2cFcivxTvktvUS8eP

- Formbook payload
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext