General
-
Target
d8d8a2af9b26764004323afcb393879266daaf40afd026894b311424b50d8ff5.zip
-
Size
227KB
-
Sample
230310-m1g42ach96
-
MD5
343336d843591e9045f19fef085b310d
-
SHA1
120cda05d8717df7f6520489866f4715b4f659c8
-
SHA256
75cad3b006c75ab9361842884a4937580a3e3cbcbb8e583843e55f934a4ea6d8
-
SHA512
dc6b995ef4bd759b978f9988783dd1a0ea5ad601492607ec730adc5bec085d0c784b3c4d38370488cc9a3a6cf5d933356176c4746b6042b0be3e7c7ab0d992bd
-
SSDEEP
6144:GXSvi3QVZ9/pdpdXW+xPgLIsmU2yS1NtMB6xqTpdUqL:S8TvjXW+xPGIsmjHMUxqTpZ
Static task
static1
Behavioral task
behavioral1
Sample
d8d8a2af9b26764004323afcb393879266daaf40afd026894b311424b50d8ff5.exe
Resource
win7-20230220-en
Malware Config
Extracted
formbook
4.1
gt48
Targets
-
-
Target
d8d8a2af9b26764004323afcb393879266daaf40afd026894b311424b50d8ff5.exe
-
Size
241KB
-
MD5
02eefca081505168a313a927977e02e5
-
SHA1
4ff60a4b15d4ed1cc3733676a25b929962d64d4b
-
SHA256
d8d8a2af9b26764004323afcb393879266daaf40afd026894b311424b50d8ff5
-
SHA512
0f8a33342682c1e8a4c3b096c91e26cf9b18d48a28e0eaae2af450e637b3e6a00a075a6fd315ef7737e88a132005877e7af5959240452642ddadefee65ac537e
-
SSDEEP
6144:NYa6Juz8BMG9jCpNLw3ODiHVmyfvYUeEu0UIE:NYf5RiNymryfvYUi0UT
-
Formbook payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-