General
-
Target
order703233.xls
-
Size
1.1MB
-
Sample
230704-hvx6vada3t
-
MD5
8cc4e73f5ceb73680f5f59b09997d8a3
-
SHA1
263fb5f059b972f779b4f5d14fb8e674a5b6c799
-
SHA256
e68ea041c96b370e4d00b77da341aef26e7e25403198f5a49e9f9e310f66dc90
-
SHA512
6dc39b4d0065b9bddd34ee65bd2369fd61d6b14fe4e2dd69aefca48ace7b6b974fb8c151b85d7bc50ceebe44b935b15358126cf876e95720da975e76fb792613
-
SSDEEP
24576:Ez0w6sYz+o0xfsjcUos+xKXw6s5zDo0xfsjcUos+xKN3tYjYqJP46w7B:ET6sYOxfsjdos+xKA6s5Txfsjdos+xKp
Static task
static1
Behavioral task
behavioral1
Sample
order703233.xls
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
order703233.xls
Resource
win10v2004-20230703-en
Malware Config
Extracted
formbook
4.1
m42i
Targets
-
-
Target
order703233.xls
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-