General
Target: COMMERCAIL INVOICE AND DHL AWB TRACKING DETAILS.exe
Size: 661KB
Sample: 230523-smwm6agg2y
MD5: 52884584e2bbbd4506596bf9cdebd4f1
SHA1: 2d1a5c85486065bb8e947148ab2d0b22d87da8ef
SHA256: 250a1e2888f6048ef783f5b580b000127d052371042c70b25497fe000ea662b5
SHA512: f807fa5abb52d9acbda3fc4f680324526fb7f898f844503d8df57bfa24f5391b23ba4dcb1471cc233a88c1aefc4bd558201c698edfb8a1623faf741f7faadeeb
SSDEEP: 12288:E2iN/tAqWV7ej9J7k5LXkW/qXo59YPHcnN/tqjg8ca:E1htAX0j9wkR8nN/Ejg8ca
Static task
static1
Behavioral task
behavioral1
Sample
COMMERCAIL INVOICE AND DHL AWB TRACKING DETAILS.exe
Resource
win7-20230220-en
Malware Config
Extracted
formbook
4.1
upa6
Targets
-
-
Target
COMMERCAIL INVOICE AND DHL AWB TRACKING DETAILS.exe
-
Formbook payload
-
Blocklisted process makes network request
-
Deletes itself
-
Suspicious use of SetThreadContext
-