General
Target: F46B4AE770D908AC9D9EB047D7FC79609F6F33981F9B98E4544F7E65FD62A4C9
Size: 267KB
Sample: 230518-rx6enscf25
MD5: 1265a3c0162daf43fef735c6dbf042dd
SHA1: 3ba7c02f0e9f93684f2d100aa7758f5ef7c8350c
SHA256: f46b4ae770d908ac9d9eb047d7fc79609f6f33981f9b98e4544f7e65fd62a4c9
SHA512: 96ebb8119a2adb735ce2746396a0a50274c9e8e83188659174c74fdfae3a670a1ab5099d49fcb59a90b03ec0339c78354a811799a3ec401c80dd460426fb7c83
SSDEEP: 6144:rxvwj5WEKXdlRf4k9uCH1+T6XbXPn0hpDMfWhj7A7PitxzuKv4eR0ycAJPK:rxI5oXVA4nVOWn0497at1uKAeR0UJPK
Static task: static1
Behavioral task: behavioral1
Sample: rock997.exe
Resource: win7-20230220-en
Malware Config
Extracted
formbook
4.1
re29
Targets
Target: rock997.exe
Size: 281KB
MD5: 770b0aa37f47b6bda2c4aa82b686afaf
SHA1: a7f4627372d3277b5456f2b4ff9f40aceb7db68c
SHA256: c02565873b8fe1fe3a19ee5bca4d03a861d4768f48f8816311792b7632c63107
SHA512: 1839733c9d37692852f3c5e604e5f16c12313f0f937d1f3a055eecc787e6c1ed9037b16f7df1735e9a04a983b1ac05505dd48f36dff203a0765d08fdef02e0da
SSDEEP: 6144:/Ya6Nfn8Qna97f4k9uCH1+TmXbXPT0hpDMfWhj7U7Pitx1uK54IR0ycAJPI:/Yv/8Qna97A4nVOCT04v7atLuKmIR0UO
Formbook payload
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext