General
Target: d316934fbbc328ee5764cc3ffad8342ebb530df25f43e3f46e0e27fcc8f7067f_JC.exe
Size: 835KB
Sample: 231004-w6wn2sdh8y
MD5: 33ffe47617ab65e5fbb0b2eedf0b5b4e
SHA1: 394351007b7fa83b84a30c66b84083ba9af66410
SHA256: d316934fbbc328ee5764cc3ffad8342ebb530df25f43e3f46e0e27fcc8f7067f
SHA512: b73e46c09c42c4196299e4787652991de3cc61ee869833a4b241d1222bbfbab9bd31e59533835a57fb15d221891ceac387d5a8e97cff918046fc84d81cdbe0cf
SSDEEP: 24576:mk70TrcKMs8ftsubdunEtMif2Fo0VANdUKsm1:mkQTAZsubdunDif2F9Agw
Static task
static1
Behavioral task
behavioral1
Sample
d316934fbbc328ee5764cc3ffad8342ebb530df25f43e3f46e0e27fcc8f7067f_JC.exe
Resource
win7-20230831-en
Malware Config
Extracted
formbook
4.1
bz24
Targets
-
-
Target
d316934fbbc328ee5764cc3ffad8342ebb530df25f43e3f46e0e27fcc8f7067f_JC.exe
-
Formbook payload
-
.NET Reactor protector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Suspicious use of SetThreadContext
-