General
Target: STATEMENT OF ACCOUNT_xlxs.001
Size: 746KB
Sample: 240125-rk2wqaaafl
MD5: 51361d84cce41cae050d6b134f758355
SHA1: c93b3153a15b7c873d51c9c0cfede656d77569d0
SHA256: 60c79090dd1ae506875ac4d40e82ad58209f866ad8c1bf539d7b539380daeff9
SHA512: 4def51b5b4adbd488932d8922e5fa63dc6048b78011987bd13fa6fc4296fc0731de8df73229879b5c64c4818ff5cbb52e76f748dcefb331a4fdd954dde71ca7a
SSDEEP: 12288:BR9cQgrziFmJxYNsVgfVYriXQykSaBNIwXKSy9xpPLNmG3E9miJ8Iy8F7:TFmiUJxYNMgNXQNfnICKx3bmGmbiIz
Static task: static1
Behavioral task: behavioral1
  Sample: STATEMENT OF ACCOUNT_xlxs.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: STATEMENT OF ACCOUNT_xlxs.exe
  Resource: win10v2004-20231222-en
Behavioral task: behavioral3
  Sample: $PLUGINSDIR/System.dll
  Resource: win7-20231215-en
Behavioral task: behavioral4
  Sample: $PLUGINSDIR/System.dll
  Resource: win10v2004-20231215-en
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign: oa21
C2 domains:
towinglyons.top
dunia-togel.xyz
alabnm.com
1stsole.com
uio3222d.store
little9.site
educationexperienced.com
tjautoline.com
twinzcreationzllc.com
sinsegoldenwolf.com
seeks6.studio
monetatowing.top
hqgroupiq.com
e8f4.com
mayasaccessoriesofficial.com
cribllc.us
homeremodelee.today
etl8ryc.site
danielbrennerreality.com
telcotechmelboure.store
q0ld.site
ansiedadepsicologia.online
00852kjh.com
kristacare.online
cookfranschhoek.com
superstarweed.com
theheatwavepack.com
cte106.vip
tarotpersonalities.com
jteungyt.com
t138.site
der-schoepfer.com
abbasabedini.com
mysticslight.com
mo61753.com
huberprivatecapital.com
lybhsh.com
sexymize.com
kwkstarter.com
pisck6u.sbs
getsilkywaytoday.com
sunglassesclipcheap.com
atxstem.com
yyll0.site
116zy.com
seyret5.top
kodamin.com
lexiop.online
yourecreation.com
mil58.vip
xmpp42.site
leningrad-spb.com
ratu123.ltd
6rpr.site
cntm077.xyz
e1fbar.com
mauroviviani.info
ubmk123.xyz
desouzaproductions.com
immaculatedwellings.com
cottonfruits.com
kennedy-towing.top
cherryridgele.com
glittergrid.com
tswwmvdo.com
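The domain list above is what the sandbox pulled out of this sample's Formbook config. The following is an added example, not part of the Triage report, showing how to turn that list into a DNS-log check with label-aware suffix matching instead of substring search (so `www.towinglyons.top` hits but `nottowinglyons.top` does not). Formbook configs are known to mix decoy domains with the live C2, so a hit is a lead for triage rather than proof of infection on its own. The log format and the log lines are constructed for the example.

```python
import re
from typing import Iterable, List, Optional, Tuple

# The 65 domains Triage extracted from this sample's Formbook 4.1 config
# (campaign "oa21"), copied from the report above. Formbook configs mix
# decoy domains with the live C2, so a match is a lead, not a verdict.
FORMBOOK_DOMAINS = frozenset("""
towinglyons.top dunia-togel.xyz alabnm.com 1stsole.com uio3222d.store
little9.site educationexperienced.com tjautoline.com twinzcreationzllc.com
sinsegoldenwolf.com seeks6.studio monetatowing.top hqgroupiq.com e8f4.com
mayasaccessoriesofficial.com cribllc.us homeremodelee.today etl8ryc.site
danielbrennerreality.com telcotechmelboure.store q0ld.site
ansiedadepsicologia.online 00852kjh.com kristacare.online cookfranschhoek.com
superstarweed.com theheatwavepack.com cte106.vip tarotpersonalities.com
jteungyt.com t138.site der-schoepfer.com abbasabedini.com mysticslight.com
mo61753.com huberprivatecapital.com lybhsh.com sexymize.com kwkstarter.com
pisck6u.sbs getsilkywaytoday.com sunglassesclipcheap.com atxstem.com
yyll0.site 116zy.com seyret5.top kodamin.com lexiop.online yourecreation.com
mil58.vip xmpp42.site leningrad-spb.com ratu123.ltd 6rpr.site cntm077.xyz
e1fbar.com mauroviviani.info ubmk123.xyz desouzaproductions.com
immaculatedwellings.com cottonfruits.com kennedy-towing.top cherryridgele.com
glittergrid.com tswwmvdo.com
""".split())


def normalize_domain(name: str) -> str:
    """Lower-case and drop the trailing root dot that DNS logs often keep."""
    return name.strip().lower().rstrip(".")


def match_ioc(hostname: str, iocs=FORMBOOK_DOMAINS) -> Optional[str]:
    """Return the IOC that hostname equals or is a subdomain of, else None.

    Walks label boundaries so 'www.towinglyons.top' matches
    'towinglyons.top' while 'nottowinglyons.top' does not (a plain
    substring search would flag the latter).
    """
    labels = normalize_domain(hostname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


# Constructed log lines in a hypothetical "<ts> <client> query: <qname> <qtype>"
# format; they are not from the report.
SAMPLE_DNS_LOG = """\
2024-01-25T10:31:02Z 10.0.0.17 query: www.towinglyons.top. A
2024-01-25T10:31:05Z 10.0.0.17 query: WWW.EXAMPLE.COM A
2024-01-25T10:31:09Z 10.0.0.17 query: nottowinglyons.top A
2024-01-25T10:31:11Z 10.0.0.22 query: E8F4.COM A
2024-01-25T10:31:15Z 10.0.0.22 query: mail.cribllc.us. MX
this line is not a query and is skipped
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query:\s+(?P<qname>\S+)\s+(?P<qtype>\S+)"
)


def scan_dns_log(lines: Iterable[str]) -> List[Tuple[str, str, str, str]]:
    """Return (timestamp, client, normalized queried name, matched IOC) per hit."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the sweep
        ioc = match_ioc(m["qname"])
        if ioc:
            hits.append((m["ts"], m["client"], normalize_domain(m["qname"]), ioc))
    return hits


if __name__ == "__main__":
    for ts, client, qname, ioc in scan_dns_log(SAMPLE_DNS_LOG.splitlines()):
        print(f"{ts} {client} queried {qname} -> Formbook config domain {ioc}")
```

On the constructed log this reports three hits (the `www.` and `mail.` subdomains resolve to their parent IOC, the upper-cased query is normalized, and `nottowinglyons.top` is correctly ignored). Before blocking on this list, confirm which entries are live C2 and which are decoys, since decoy entries in Formbook configs can be unrelated third-party domains.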
Targets
Target: STATEMENT OF ACCOUNT_xlxs.exe
Size: 888KB
MD5: 2a63c7d093ec7a63a4fabf61452e2206
SHA1: 501c0f22803da5b0ce77f915efac3567644c47ca
SHA256: a51862c42a347c96969bb5e511b81d1beb31d50f850acf4fbf041087911c92f0
SHA512: 2bbfda19a986bec80b79beb33412fec220ab864ef15d3897a6e3e023e214a0fa7e0c4376d241476911ac5813571db1c07aa65aa8c00d62aaabdd668c5fe25a0f
SSDEEP: 12288:lRrzL0BkOhDPswBw4nP/CBx21t+TZY44s2WvbcWqOOav/qjqPaK:lJzpOLi4m0fCZsNWpOaHqDK
Signatures:
- Formbook payload
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
Note: the two HideFromDebugger signatures are anti-debugging (threads created or marked with the hide-from-debugger flag are invisible to an attached debugger), and SetThreadContext is the usual way an injector redirects a target thread after writing its payload; together with the dropped-DLL load and Run-key persistence these are the behaviours to look for when hunting this loader on a host.
Target: $PLUGINSDIR/System.dll
Size: 12KB
MD5: 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1: 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256: 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512: c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
SSDEEP: 192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Note: $PLUGINSDIR is the directory into which NSIS-built installers unpack their plugins, and System.dll is the name of the stock NSIS System plugin, so this file is a component of the installer wrapper rather than the payload; the report lists no signatures for it.
Score: 3/10