Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
e960f10f4c8fd0f6b380743439c91fdb.exe
-
Size
946KB
-
Sample
230609-kw59yscd9s
-
MD5
e960f10f4c8fd0f6b380743439c91fdb
-
SHA1
ccf3feb1d2f7e01c0732fee057e01d13285eb90d
-
SHA256
fbaea63cf0928cdd548719ce257ea3813b92a8765f561bbe7e8842e7d830b87e
-
SHA512
cf22f2fdb305bdff5a7d25a5d1e5e7db097df391e56f66cfc2c5118f1cf063a0123eb2be6e978d6909ca856fad814eb0be65d2ac45d3dab918ef3c8869d189db
-
SSDEEP
24576:PuHeMjlSADnET+YvWBThrbJnJz+ydKbxsg:2+Q7DErvchJ6QKFs
Static task
static1
Behavioral task
behavioral1
Sample
e960f10f4c8fd0f6b380743439c91fdb.exe
Resource
win7-20230220-en
Malware Config
Extracted
formbook
4.1
btrd
toulouse.gold
launchyouglobal.com
margarita-services.com
dasnail.club
casa-hilo.com
hardscapesofflorida.com
thepositivitypulse.com
kkmyanev.cfd
love6ace22.top
castorcruise.com
chch6.com
h59f07jy.cfd
saatvikteerthyatra.com
fxsecuretrading-option.com
mostbet-k1o.click
36-m.beauty
ko-or-a-news.com
eurekatextile.com
gynlkj.com
deepsouthcraftsman.com
bougiebossbabe.com
202402.xyz
thecareskin.com
zimmerli.online
bathroomconnectsupreme.com
opmk.monster
docemimocasamentos.com
mywayinist.com
healthyters.com
mozartchamberorchestra.sydney
wewillrock.club
education2jobs.com
everlastdisposal.com
valentinascrochet.com
stewartvaluation.net
blackphoenix01.xyz
omnikart.shop
jejeesclothing.com
allurepet.site
futureofaustin.com
sillylittlestory.com
inthewoodsdesigns.com
freshtraining.store
illuminati4me.com
jewishlakecounty.com
devadecoration.com
nashexshop.com
martline.website
affirmationtotebags.com
golifestyles.com
telegood.info
trygenesisx.com
bestwhitetee.com
delicatemayhem.com
redyardcom.com
solarcyborg.com
emotieloos.com
fanatics-international.com
ballonsmagiques.com
projektincognito.com
fcno30.com
horizonoutdoorservices.com
couturewrap.com
mbbwa4wp.cfd
lifeofthobes.uk
Targets
-
-
Target
e960f10f4c8fd0f6b380743439c91fdb.exe
-
Size
946KB
-
MD5
e960f10f4c8fd0f6b380743439c91fdb
-
SHA1
ccf3feb1d2f7e01c0732fee057e01d13285eb90d
-
SHA256
fbaea63cf0928cdd548719ce257ea3813b92a8765f561bbe7e8842e7d830b87e
-
SHA512
cf22f2fdb305bdff5a7d25a5d1e5e7db097df391e56f66cfc2c5118f1cf063a0123eb2be6e978d6909ca856fad814eb0be65d2ac45d3dab918ef3c8869d189db
-
SSDEEP
24576:PuHeMjlSADnET+YvWBThrbJnJz+ydKbxsg:2+Q7DErvchJ6QKFs
-
Formbook payload
-
Suspicious use of SetThreadContext
-