Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Compr..NotaFiscal3713.xls
-
Size
1.2MB
-
Sample
230716-jj9k6sea9s
-
MD5
0765692957ce1a7d381daf4d254e0dc1
-
SHA1
d32070796d799a70d20889773f54870b7a564ad7
-
SHA256
ac08f1d3518dfe35c2d802992008d4a6750c6e83b9b7c4ed32be68c49bde40be
-
SHA512
3463acb361a08aebf8d20638454f8bdb40422f88bf28cf7f0dbf8229b0466da74b8e66feb6fdeaac218b6861b5868edcfb7cbcffc7759e239d2d1ed67c5d543e
-
SSDEEP
24576:GHu9V1ZyFw6VzAZypw6V1ipbmcwTA5G8cmuwwzx:GHu396Vzy16VqmjTJmuwQ
Static task
static1
Behavioral task
behavioral1
Sample
Compr..NotaFiscal3713.xls
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
Compr..NotaFiscal3713.xls
Resource
win10v2004-20230703-en
Malware Config
Extracted
formbook
4.1
ms14
adjoinstaff.online
kmmdznky.cfd
keyviewgroup.com
kidomarketing.com
jroxtqpq.cfd
jdevmx.com
genqaagz.cfd
1cdpwp.cfd
francegoldvip.com
2qy218.xyz
peterscanner.com
trullys.com
aniwatch.top
windyhillcnc.com
pokazhu.com
r74jsy.cfd
paulgadgets.com
lindanewtee.com
lasik-de-de-8808230.zone
critone.site
qwevqgjw.cfd
lojaasoriginais.online
pgtjirqx.cfd
ypasbfxplu.shop
kartixworld.com
s6uqzj.com
xigauij.cfd
arizonaadoptionagencies.com
wecanshipit.com
chiccakes.site
v3rqa4.cfd
clasmiv.xyz
kwhkqovf.cfd
metabolismchecker.click
lilith-con.com
porterhayranch.com
rikkun501.com
sxbhpysr.cfd
jc1014.com
4213z0.com
wshaizapp.site
3jij6e.cfd
weddingscork.com
zingyi.com
ixs0o9.com
tchyhg.com
printsplit.online
nihil.one
worthitweld.com
venria.store
lglcyoy.cfd
kanmuftic.com
zbjcolwy.cfd
mlking99.net
eyyk63.cfd
tcnckkne.cfd
buddhabazaar.online
tissageparis.com
cacciatoridiofferte.com
duffledash.com
kmsvvybi.cfd
aqeabrdm.cfd
qhrxnxoe.cfd
fitnessline.app
civzbpp.xyz
Targets
-
-
Target
Compr..NotaFiscal3713.xls
-
Size
1.2MB
-
MD5
0765692957ce1a7d381daf4d254e0dc1
-
SHA1
d32070796d799a70d20889773f54870b7a564ad7
-
SHA256
ac08f1d3518dfe35c2d802992008d4a6750c6e83b9b7c4ed32be68c49bde40be
-
SHA512
3463acb361a08aebf8d20638454f8bdb40422f88bf28cf7f0dbf8229b0466da74b8e66feb6fdeaac218b6861b5868edcfb7cbcffc7759e239d2d1ed67c5d543e
-
SSDEEP
24576:GHu9V1ZyFw6VzAZypw6V1ipbmcwTA5G8cmuwwzx:GHu396Vzy16VqmjTJmuwQ
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-