General
Target: d67d9bf7354e7969abe6a4ced998b145.bin
Size: 615KB
Sample: 230426-b9halsec94
MD5: 78c3234feea68c6528ce9b03a751a9e1
SHA1: d2a05de02295916d8f4acd11fdd588417b5062bd
SHA256: d8a138fbcb8fd354203f749dcd8e70f21a19af4935bb3cd9f34fa3ac74ce561b
SHA512: 599283fdfa46633da0beb6ed0600cbc1792b6b5ffe4d9c5b95f470b47978ea2a05237d739d999de6423c66ab8bb5efb2d8c7721e6cbf805f600db54aa6509d5a
SSDEEP: 12288:sgdGHSiugxRr6RuPdFOwouAPbQO7i7Qa/QuLvfjCAQKYa5RR5:3dGH64R6RgOwhk7iZ9vf2dKY6RR5
Static task
static1
Behavioral task
behavioral1
Sample
c643ce9cf3045a605b3ed588dc7e992de791468c841013fcdb310e751b237ad3.exe
Resource
win7-20230220-en
Malware Config
Extracted
formbook
4.1
btrd
Targets
Target: c643ce9cf3045a605b3ed588dc7e992de791468c841013fcdb310e751b237ad3.exe
Size: 718KB
MD5: d67d9bf7354e7969abe6a4ced998b145
SHA1: 12ac15d5eb62eb68f88d6bd149497a57e43e6fa2
SHA256: c643ce9cf3045a605b3ed588dc7e992de791468c841013fcdb310e751b237ad3
SHA512: e7c15ba7dbbdd0d7ea7103079feead806252dbf80a0d129f15c400614703e3380d1c6c68984dad1f932d5ef7d10a28867667ee5fc13413498546ad41d3806204
SSDEEP: 12288:0ZgjjkkCS3OydyH73bJ4gnVfo2ZQTR23onxpQH3oJSAT1i1NFW49Mx:0ZgjjkkCSPySN2ZQk4nxQ3cF0Mx
Formbook payload
Suspicious use of SetThreadContext