Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
94ade5dbc8785ceb3c54891a66c6c906fbe73d1fdd47922ac6de49561ef967a9.exe
-
Size
611KB
-
Sample
240213-dyfnrafg8w
-
MD5
cf7fc3ae06a494c5659daa2a66971e8c
-
SHA1
b4cb522e9da268a729e6e685557d45b8fba9e4c5
-
SHA256
94ade5dbc8785ceb3c54891a66c6c906fbe73d1fdd47922ac6de49561ef967a9
-
SHA512
d01e35f0b1e9074da9c1318f90d983624a4fc5c3c6343aa69cfe76b9605354b9361d84c6c27d116ca8b083ca6b044994d37d45deac37f9631ff3b4f45121db0d
-
SSDEEP
12288:WxEd6SeObnbNfoY6XSLpy1AUngsREeSS99SFc4BK8kP84tqkK:Wxc3bbNfoYcSLp2AUn/FTSF9fc84v
Static task
static1
Behavioral task
behavioral1
Sample
94ade5dbc8785ceb3c54891a66c6c906fbe73d1fdd47922ac6de49561ef967a9.exe
Resource
win7-20231215-en
Malware Config
Extracted
formbook
4.1
pz08
deespresence.com
fanyablack.com
papermoonnursery.com
sunriseclohting.store
jenstandsforarkansas.com
lkhtalentconsulting.com
baerana.com
hyperphit.com
davidianbrant.com
itkagear.com
web-findmy.site
liveforwardventures.com
skyenglearn.online
studio-sticky.store
yassa-hany.online
tacoshack479.com
bigtexture.xyz
erxkula.shop
go-bloggers.com
qwdlwys.site
taylorpritchett.com
yobo-by.com
trendsdrop.com
boostyourselftoday.com
taxibactrungnam.com
sgzycp.net
anti-theft-device-82641.bond
ytytyt016.xyz
loveyourhome.style
ithinkmoney.com
bertric.info
permanentday.space
kxn.ink
onlythumbs.online
techrihno.com
washing-machine-46612.bond
phdop.xyz
nordens-media.com
gourmetfoodfactory.com
ketoalycetiworks.buzz
amplilim.site
usetruerreview.com
inprime.xyz
aloyoga-uae.com
quickfibrokers.com
primadesignerhomes.com
greatlifehacks.online
thewipglobal.com
tobegoodlife.net
hotelfincamalvasia.com
trevts.com
ae-skinlab.com
grammarhome.com
cld005.com
first-solution.online
keylabcerrajeria.com
besttravelsgate.com
friskiwear.com
hedrickmanufactory.com
pinewell.world
5819995.com
c2help.live
kai3.center
plantasdasminas.com
rdlva.com
Targets
-
-
Target
94ade5dbc8785ceb3c54891a66c6c906fbe73d1fdd47922ac6de49561ef967a9.exe
-
Size
611KB
-
MD5
cf7fc3ae06a494c5659daa2a66971e8c
-
SHA1
b4cb522e9da268a729e6e685557d45b8fba9e4c5
-
SHA256
94ade5dbc8785ceb3c54891a66c6c906fbe73d1fdd47922ac6de49561ef967a9
-
SHA512
d01e35f0b1e9074da9c1318f90d983624a4fc5c3c6343aa69cfe76b9605354b9361d84c6c27d116ca8b083ca6b044994d37d45deac37f9631ff3b4f45121db0d
-
SSDEEP
12288:WxEd6SeObnbNfoY6XSLpy1AUngsREeSS99SFc4BK8kP84tqkK:Wxc3bbNfoYcSLp2AUn/FTSF9fc84v
-
Formbook payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-