Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
PO-384728493049.doc
-
Size
88KB
-
Sample
230822-je9elscc2s
-
MD5
5292d77a5796360358f012d31f4cd438
-
SHA1
ceb7009b833a4829f9017636445a07ca201a9db4
-
SHA256
404f0f676d94ffdc3cc0b4422a34a5aee31d06c815253ba0e7aeb0fed3905b9c
-
SHA512
d42e1a014c005935b79de13b975a2e840ef100abfc054b08b547398d3ba99834c6f2074d02b3570da4d2b2a01fbe52dda1ce955c66f0aa2bf20eccc62e03b4f6
-
SSDEEP
768:kwAbZSibMX9gRWjQOX1eDp9haTtsZ+Tnkfas:kwAlRxu1edzaT+Q1s
Static task
static1
Behavioral task
behavioral1
Sample
PO-384728493049.rtf
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
PO-384728493049.rtf
Resource
win10v2004-20230703-en
Malware Config
Extracted
formbook
4.1
oy30
rfc234.top
danielcavalari.com
elperegrinocabo.com
aryor.info
surelistening.com
premium-numero-telf.buzz
orlynyml.click
tennislovers-ro.com
holdmytracker.com
eewapay.com
jaimesinstallglass.com
damactrade.net
swapspecialities.com
perfumesrffd.today
salesfactory.pro
supportive-solutions.com
naiol.com
khoyr.com
kalendeargpt44.com
web-tech-spb.store
lodjireal.online
ultraflooringmore.com
iwantbundles.com
theroofer.lat
qwxry.fun
faserfreunde.com
body-for-living.com
welnessfit.com
clublucky.store
nlast.cyou
gkoders.com
okxmttwa.click
nodesofty.com
alemania-paredes.com
travel-insuranceprice.shop
thechaay.com
formulavsupplements.com
gstringtheory.com
ruopenai.com
evi-based.com
danleugers.com
lojinhaevelyn.com
denzaimivsem.buzz
izmn2vd8.click
asliy.top
kawitrack.com
brandiai.com
ssssne.com
asianewsgood.online
proloop.work
dhikaedwina.com
onemarinallc.com
realmpabq.com
boswells.biz
jpxiaoxi.top
ishirink.com
thundershorts.com
rainydayroofs.com
atatra.com
hftroi.xyz
fundamentplus.com
gsvaedpzugtdn.com
mic-reform.info
vacuumbagsuppliers.com
gaoxiba150.com
Targets
-
-
Target
PO-384728493049.doc
-
Size
88KB
-
MD5
5292d77a5796360358f012d31f4cd438
-
SHA1
ceb7009b833a4829f9017636445a07ca201a9db4
-
SHA256
404f0f676d94ffdc3cc0b4422a34a5aee31d06c815253ba0e7aeb0fed3905b9c
-
SHA512
d42e1a014c005935b79de13b975a2e840ef100abfc054b08b547398d3ba99834c6f2074d02b3570da4d2b2a01fbe52dda1ce955c66f0aa2bf20eccc62e03b4f6
-
SSDEEP
768:kwAbZSibMX9gRWjQOX1eDp9haTtsZ+Tnkfas:kwAlRxu1edzaT+Q1s
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-