Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
0e612f991709b9569a9baf7993d185955f6347c574effe5c72e51a9f96a7b301
-
Size
406KB
-
Sample
230718-havvzsgf65
-
MD5
1482780bd41df6d1dfe68b2629c26d08
-
SHA1
17145bdc0f9beeea6f8cf5791210d0fd486818d1
-
SHA256
0e612f991709b9569a9baf7993d185955f6347c574effe5c72e51a9f96a7b301
-
SHA512
e0fb5c4ae0ae98b231556950fd358feaebdd414f13e5dcf4eb6f3f77dd9ca5e5af930d04a362ceda9628b61029fa56d1659857dea7d3a1cab2ec8a94c0b974dd
-
SSDEEP
6144:TPXoDQpcUz+TfBDma1bJzSvPRehOGYJmcKeNq1umGANGc8b0:/WDfhNWRgJ8wkFA6b0
Static task
static1
Malware Config
Extracted
formbook
4.1
ms14
adjoinstaff.online
kmmdznky.cfd
keyviewgroup.com
kidomarketing.com
jroxtqpq.cfd
jdevmx.com
genqaagz.cfd
1cdpwp.cfd
francegoldvip.com
2qy218.xyz
peterscanner.com
trullys.com
aniwatch.top
windyhillcnc.com
pokazhu.com
r74jsy.cfd
paulgadgets.com
lindanewtee.com
lasik-de-de-8808230.zone
critone.site
qwevqgjw.cfd
lojaasoriginais.online
pgtjirqx.cfd
ypasbfxplu.shop
kartixworld.com
s6uqzj.com
xigauij.cfd
arizonaadoptionagencies.com
wecanshipit.com
chiccakes.site
v3rqa4.cfd
clasmiv.xyz
kwhkqovf.cfd
metabolismchecker.click
lilith-con.com
porterhayranch.com
rikkun501.com
sxbhpysr.cfd
jc1014.com
4213z0.com
wshaizapp.site
3jij6e.cfd
weddingscork.com
zingyi.com
ixs0o9.com
tchyhg.com
printsplit.online
nihil.one
worthitweld.com
venria.store
lglcyoy.cfd
kanmuftic.com
zbjcolwy.cfd
mlking99.net
eyyk63.cfd
tcnckkne.cfd
buddhabazaar.online
tissageparis.com
cacciatoridiofferte.com
duffledash.com
kmsvvybi.cfd
aqeabrdm.cfd
qhrxnxoe.cfd
fitnessline.app
civzbpp.xyz
Targets
-
-
Target
0e612f991709b9569a9baf7993d185955f6347c574effe5c72e51a9f96a7b301
-
Size
406KB
-
MD5
1482780bd41df6d1dfe68b2629c26d08
-
SHA1
17145bdc0f9beeea6f8cf5791210d0fd486818d1
-
SHA256
0e612f991709b9569a9baf7993d185955f6347c574effe5c72e51a9f96a7b301
-
SHA512
e0fb5c4ae0ae98b231556950fd358feaebdd414f13e5dcf4eb6f3f77dd9ca5e5af930d04a362ceda9628b61029fa56d1659857dea7d3a1cab2ec8a94c0b974dd
-
SSDEEP
6144:TPXoDQpcUz+TfBDma1bJzSvPRehOGYJmcKeNq1umGANGc8b0:/WDfhNWRgJ8wkFA6b0
-
Formbook payload
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Loads dropped DLL
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-