Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

PRE ALERT ...MS.exe

windows7-x64

10

PRE ALERT ...MS.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PRE ALERT KUL-BKI PNUE00951848 4511679901 Maritime n Industrial AE 455681 264-43349902 N7351 20 NOV - DDP TERMS.exe

  • Size

    737KB

  • Sample

    230331-mpdmgahc88

  • MD5

    5a31e71dbdb0b31c5af2b1c1c32936ce

  • SHA1

    aecf6320581856198779afec0c1e816961e9757d

  • SHA256

    2358f255cb8390a108fca6934209b56e8f72eb08dbb3708431c449fffe8338e5

  • SHA512

    0bd1fc5ded778006ebbc2d6e9288dd5665b26bebb209d7ba40e8a08aa8c36eda35ef227b39958b493f06a06ddbea477b571332b2dd86c67c0806d71bf128341b

  • SSDEEP

    12288:A79xzQKbXOJz0XXLyw+5iCxJ2rvvLTr8aSVd1Jkx1r7HrcFxJ+O2NimOMt+:lfz0HAiCubvLTar1Jkx1r7HrcFmO2NiQ

Score
10/10
formbookc29iratspywarestealertrojan

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

c29i

Decoy

chrestheryulelog.com

awesomecustomerservice.com

4455m.net

vonek76k.com

zwelishaprojects.africa

bbangnmoolgogi.com

howickmenswears.com

ba225.com

ipl2018livescore.com

ohprovider.co.uk

handymanservices.shop

1wzxtq.top

busy-people-gifts.com

invited.rsvp

heihei.fun

micloudlogin.page

hwyi1319.com

alitechnologyes.com

hysminai.com

liuyikj.com

Targets

    • Target

      PRE ALERT KUL-BKI PNUE00951848 4511679901 Maritime n Industrial AE 455681 264-43349902 N7351 20 NOV - DDP TERMS.exe

    • Size

      737KB

    • MD5

      5a31e71dbdb0b31c5af2b1c1c32936ce

    • SHA1

      aecf6320581856198779afec0c1e816961e9757d

    • SHA256

      2358f255cb8390a108fca6934209b56e8f72eb08dbb3708431c449fffe8338e5

    • SHA512

      0bd1fc5ded778006ebbc2d6e9288dd5665b26bebb209d7ba40e8a08aa8c36eda35ef227b39958b493f06a06ddbea477b571332b2dd86c67c0806d71bf128341b

    • SSDEEP

      12288:A79xzQKbXOJz0XXLyw+5iCxJ2rvvLTr8aSVd1Jkx1r7HrcFxJ+O2NimOMt+:lfz0HAiCubvLTar1Jkx1r7HrcFmO2NiQ

    Score
    10/10
    formbookc29iratspywarestealertrojan

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

      trojanspywarestealerformbook

    • Formbook payload

      rat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks