Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
DHL Shipment Delivery Notification 27-9-23.r00
-
Size
308KB
-
Sample
231011-hw267aha4v
-
MD5
414af2fa03d933fe78c66163336038f1
-
SHA1
827cac0f53c099597014171f5e022a5c84eb78f8
-
SHA256
07daaf1983dc5ad5374f4776d4e1a3f74a8933891cf1b497129358702bdbc33a
-
SHA512
f0394d8deeca186156c4ee018215b5e2910368a9203c9f5ede2d4fc309805a6b02d4a8933279c7baa0b067df365f3cdd08d2058ce2e6d3ae96e5fe266770e866
-
SSDEEP
6144:QZUlD8IY50gzMQF8xkqLU4DhPh7cb9OtA/j8CuA1JUq0UnrFo:Qy8IC0gzM6iLUohZkdYZAIuFo
Static task
static1
Behavioral task
behavioral1
Sample
DHL Shipment Delivery Notification 27-9-23.exe
Resource
win7-20230831-en
Malware Config
Extracted
formbook
4.1
sn26
resenha10.bet
gulshan-rajput.com
xbus.tech
z813my.cfd
wlxzjlny.cfd
auntengotiempo.com
canada-reservation.com
thegiftcompany.shop
esthersilveirapropiedades.com
1wapws.top
ymjblnvo.cfd
termokimik.net
kushiro-artist-school.com
bmmboo.com
caceresconstructionservices.com
kentuckywalkabout.com
bringyourcart.com
miamiwinetour.com
bobcatsocial.site
thirdmind.network
4tbbwa.com
rhinosecurellc.net
rdparadise.com
radpm.xyz
thewhiteorchidspa.com
clhynfco.cfd
ngohcvja.cfd
woodennickelcandles.com
gg18rb.cfd
qcdrxwr.cfd
974dp.com
lagardere-vivendi-corp.net
chestnutmaretraining.com
seosjekk.online
ahevrlh.xyz
uedam.xyz
natrada.love
yoywvfw.top
unifiedtradingjapan.com
chinakaldi.com
agenciacolmeiadigital.com
wdlzzfkc.cfd
097850.com
xingcansy.com
uahrbqtj.cfd
charliehaywood.com
witheres.shop
sqiyvdrx.cfd
biopfizer.com
tiktokviewer.com
prftwgmw.cfd
sfsdnwpf.cfd
linkboladewahub.xyz
orvados.com
goodshepherdopcesva.com
christianlovewv.com
cdicontrols.com
hawskio26.click
ownlegalhelp.com
tiydmdzp.cfd
ppirr.biz
stonyatrick.com
itsamazingbarley.com
msjbaddf.cfd
zachmahl.com
Targets
-
-
Target
DHL Shipment Delivery Notification 27-9-23.exe
-
Size
323KB
-
MD5
d500caad040c54a8a064bb1ae1e02277
-
SHA1
02f4722d98277480d4d128e3321f156e0471bdde
-
SHA256
c261ace97411301444d9dfa50d29f9a0328e83ddf45bf15128ad9d796d050461
-
SHA512
1898e9b94b4cd314327473063b3d800f5eb91a7b5044d72f801251c0a42c8211646974ddd753a0f80dfdc647a056032d3041d41ecec7a890bca78c6751c4cde3
-
SSDEEP
6144:BnPdudwDs9iDkylpSqHCJLYFn+dBfSVuMKdWKPcmr5tT/RIQzNfov32ZzjWusiD/:BnPdw9iAmpbHCJLQneBaW8KPc2tlIQzp
-
Formbook payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-