General
Target: 6ec844914b335f0e27b9f536da5691fcc06e6ecc80d0af8dd7bc3ed8b3ee0a60_JC.exe
Size: 700KB
Sample: 231010-v988wafb4s
MD5: 32eca73388c09d03aa06f7f87602fac2
SHA1: 8fff30284e55a9c9cf8d1838bb2158249c8f9677
SHA256: 6ec844914b335f0e27b9f536da5691fcc06e6ecc80d0af8dd7bc3ed8b3ee0a60
SHA512: 73e74da117a4ea5fb4fe5b1d44c6733d049ec2d35250f5340b0ba7aab73bd61f282f35762745a511b9bd98bdeee2ff3de19d176905dfbd5bb65a30640206545a
SSDEEP: 12288:wbl/Hdeyg7s9dERt9vy64AvWxSWOhf6GxK0psn7TpBi2ZUfOr5eVssmnxSGcIoH:o/HdeP7s96/dD4AF1xgosZw2ZUfO
Static task: static1
Behavioral task: behavioral1
Sample: 6ec844914b335f0e27b9f536da5691fcc06e6ecc80d0af8dd7bc3ed8b3ee0a60_JC.exe
Resource: win7-20230831-en
Malware Config
Extracted
formbook
4.1
ur25
Targets
Target: 6ec844914b335f0e27b9f536da5691fcc06e6ecc80d0af8dd7bc3ed8b3ee0a60_JC.exe
Formbook payload
Suspicious use of SetThreadContext