General
Target: 6b85dbb12585f5120e70e0cad7521654.zip
Size: 252KB
Sample: 230412-k9nbascg5v
MD5: 9e7d3c727695d1a287d49235d729be2a
SHA1: f3d1155453c5b7213a6f3d8877980a129e3904af
SHA256: 5da13468ddb4481a5057669fec1f3c469132af6e2ad0963524e3751b359e69cd
SHA512: 952e2e57cf23237c7902754fedc15fff1a15a0f7ecd8d5882c3af41be897b36c5ba2ebafafe743047db475106796b9bad5840559be15310060af309d1bf62b10
SSDEEP: 6144:O5ZJDv7+L5PDi7Ms0ZHSfFKhrFWwD+nCSYZIXue+Brd:EqL5r6Ms0Zy+kwKxYcue+Brd
Static task: static1
Behavioral task: behavioral1
Sample: LEAK.exe
Resource: win10-20230220-en
Malware Config
Extracted
formbook
4.1
c02s
Targets
Target: LEAK.EXE
Size: 262KB
MD5: 6b85dbb12585f5120e70e0cad7521654
SHA1: 93107e9c48785d4ff393478c32249a43d1b3c055
SHA256: d4b23673edbc5a28526a91b7e10003c82449971f594a066941b2d8217fbf2ab3
SHA512: a4c085779a17d9820b4f72a7ef5ba219cfe6e15a93c3599841ebb23c84908a0cbeab11f85f3d1846615d8869bf365ed45764ef1476c6a41f6d37d1e6392ad9fd
SSDEEP: 6144:PYa6jjX34cmYMHSBCQU8yEg4Quz02vXET3I3:PYxUPZV8BvQ4UTs
Formbook payload
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext