General
Target: 22ca610098805557434a4b2810329689.bin
Size: 1.9MB
Sample: 231117-bqklmacg73
MD5: 2fedbdc13c6236b00d913c02253bfd86
SHA1: bd2926f72ef483023823882bbfa989417ea649d7
SHA256: 127e769d7c6587fed646fe52712032fcd483df248fa23c81614bbccf3a534279
SHA512: 0047d542c301d0117d4aad7336b97b0cbd2199d961172ef7fefc59b99d40fae795b94fb19be1832bf0179baac8b35783558e6bfe4a93695220c95d32310b35e1
SSDEEP: 49152:oMvW4a0Gc2A30kPd7FP2HAyfdjxz8hcsNh3:hW4a/c2A3LF1AAifzaH3
Static task: static1
Behavioral task: behavioral1
Sample: ad208fe787c74f455a317a5050c3462c8236ed6e3c58f9c6082147ca09902335.xlsx
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: ad208fe787c74f455a317a5050c3462c8236ed6e3c58f9c6082147ca09902335.xlsx
Resource: win10v2004-20231020-en
Malware Config
Extracted
formbook
4.1
tb8i
Targets
Target: ad208fe787c74f455a317a5050c3462c8236ed6e3c58f9c6082147ca09902335.xlsx
Size: 1.9MB
MD5: 22ca610098805557434a4b2810329689
SHA1: 23cf1f231d4b1a53416c3f72accbe8e21b4b1fc3
SHA256: ad208fe787c74f455a317a5050c3462c8236ed6e3c58f9c6082147ca09902335
SHA512: a333f8b243c5482302857834f185d934dc6f149b587e40ae41fc30e61936f0fb4c55d0c543f590dcf714fc688abfb018655c86c1e2c10d8ead393ec66b06e910
SSDEEP: 49152:0kVgTbHTs6oLbLvnlfRzlPlJfhQKyd2jgC0c+QXjI2yD:2TzTdoLbLvFRzljJed21+yjIB
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-