General
Target: Confirm!!!!.rar
Size: 548KB
Sample: 240112-q4zd9shhc8
MD5: 6b03a73bf0ba079b96e65c73a1600d11
SHA1: 45139bb99e3ae87f597431daa30a46fd2961f9ff
SHA256: bd9eeea5e3b56e0b6dfe7f745aed091c81a10e55a1504ea443bea0f44a9ff085
SHA512: 6bf92480fd395bfda8bd6d01e465e2e212e1151b56a9a401d28d1e50344bb0c0173927e3a23f8abc562dbb353bf15d666e0bf312afabe35026ab6e50b1478f90
SSDEEP: 12288:j9xKaS0OhDWvF6onLfOVcBuhtQiQNz541BY5mbx2S5Fx:ROh+3LfIL05Mt
Static task: static1
Behavioral task: behavioral1
Sample: Confirm!!!!.exe
Resource: win7-20231129-en
Malware Config
Extracted
formbook
4.1
he2a
Targets
Target: Confirm!!!!.exe
Size: 670KB
MD5: b1ab7cccdb47e4b3e87b2c4055e203fa
SHA1: ca27b1b3639e8cb27d82310f95112b5021b8a653
SHA256: 5931b9bb54cd619e0e0518c4e61654a3c154b59e72428698ea3f381cabaad213
SHA512: 0a6344e74ae9f196ec5c6088660fe201658a1d168bf5795943565613fa358be6c8a55d1410ed76c7ac1b7ba538d4bce4fb7ace8eb00f6928df2a5a238cb4947f
SSDEEP: 12288:5ebOcLHhFQd2zjpltAQBmlYTQM+wFiCGZ3wtaqwArx:UVYILmQBmxMJiutnx
Formbook payload
Suspicious use of SetThreadContext