General
-
Target
SHIPPING DOCUMENTS. 25.23.exe
-
Size
670KB
-
Sample
230518-frrhsagg7z
-
MD5
77783c6f99127280ab5c677c1c96bf7c
-
SHA1
5327e4ca332aa28267444a12cd692375291a4ce2
-
SHA256
e8f271e2c00c7310ba76f5be24f425df7b4c3fdd84a0b715906a10da4f7e879b
-
SHA512
e134cecc97558e46ee9b26cc1c6a818fd3697360d62a171aa2912900cfbf569a8aedc2de6e466d42f9401f964319af36203c389af46332d40bce2390bed1ef91
-
SSDEEP
12288:S8RXgHLZIcZI13TZFseMdvkp/TpVMYEVxhe+XbeG7aEGONgLQ:SsAtDmJZTu8ptipSupf
Static task
static1
Behavioral task
behavioral1
Sample
SHIPPING DOCUMENTS. 25.23.exe
Resource
win7-20230220-en
Malware Config
Extracted
formbook
4.1
ga36
Targets
-
-
Target
SHIPPING DOCUMENTS. 25.23.exe
-
Formbook payload
-
Deletes itself
-
Suspicious use of SetThreadContext
-