Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Payment Confirmation REF No 016747 PDF.exe
-
Size
253KB
-
Sample
230828-mbyeqacg7v
-
MD5
321ac4a7c104daae261c6ce5ed12db5a
-
SHA1
2cf6f37db30b5bdd5b3ae338a4e209c9ccd0f984
-
SHA256
21ccf1fad3e1a08f580d5f0d5aa2d13fb1a633aa1c68100d435628a437efb89b
-
SHA512
35591b1d584daeda8d6997224c6b3edb666f8cb8b7a77950f7411ef6bf030d40b8308168500a12d7f8c503113ba0e870abed8192807f679cfd90a317cf9f03d7
-
SSDEEP
6144:PYa64mTIQqcpm2VNUmdzdr4AiO0iijUg0SkuMPnGKY6X:PYOmTtrVjd2liijUg0tuMeJ0
Static task
static1
Behavioral task
behavioral1
Sample
Payment Confirmation REF No 016747 PDF.exe
Resource
win7-20230712-en
Malware Config
Extracted
formbook
4.1
sn26
resenha10.bet
gulshan-rajput.com
xbus.tech
z813my.cfd
wlxzjlny.cfd
auntengotiempo.com
canada-reservation.com
thegiftcompany.shop
esthersilveirapropiedades.com
1wapws.top
ymjblnvo.cfd
termokimik.net
kushiro-artist-school.com
bmmboo.com
caceresconstructionservices.com
kentuckywalkabout.com
bringyourcart.com
miamiwinetour.com
bobcatsocial.site
thirdmind.network
4tbbwa.com
rhinosecurellc.net
rdparadise.com
radpm.xyz
thewhiteorchidspa.com
clhynfco.cfd
ngohcvja.cfd
woodennickelcandles.com
gg18rb.cfd
qcdrxwr.cfd
974dp.com
lagardere-vivendi-corp.net
chestnutmaretraining.com
seosjekk.online
ahevrlh.xyz
uedam.xyz
natrada.love
yoywvfw.top
unifiedtradingjapan.com
chinakaldi.com
agenciacolmeiadigital.com
wdlzzfkc.cfd
097850.com
xingcansy.com
uahrbqtj.cfd
charliehaywood.com
witheres.shop
sqiyvdrx.cfd
biopfizer.com
tiktokviewer.com
prftwgmw.cfd
sfsdnwpf.cfd
linkboladewahub.xyz
orvados.com
goodshepherdopcesva.com
christianlovewv.com
cdicontrols.com
hawskio26.click
ownlegalhelp.com
tiydmdzp.cfd
ppirr.biz
stonyatrick.com
itsamazingbarley.com
msjbaddf.cfd
zachmahl.com
Targets
-
-
Target
Payment Confirmation REF No 016747 PDF.exe
-
Size
253KB
-
MD5
321ac4a7c104daae261c6ce5ed12db5a
-
SHA1
2cf6f37db30b5bdd5b3ae338a4e209c9ccd0f984
-
SHA256
21ccf1fad3e1a08f580d5f0d5aa2d13fb1a633aa1c68100d435628a437efb89b
-
SHA512
35591b1d584daeda8d6997224c6b3edb666f8cb8b7a77950f7411ef6bf030d40b8308168500a12d7f8c503113ba0e870abed8192807f679cfd90a317cf9f03d7
-
SSDEEP
6144:PYa64mTIQqcpm2VNUmdzdr4AiO0iijUg0SkuMPnGKY6X:PYOmTtrVjd2liijUg0tuMeJ0
-
Formbook payload
-
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-