General
- Target: 993841103742d791f4dbcdc75757bac6ac7fddf1eb50dcec5a72daddce44cc9e.exe
- Size: 635KB
- Sample: 240220-gkyh7acc5w
- MD5: 266b256a9d1e3e48d3e7f332d55808bc
- SHA1: fb3d7c13dc44c3cb476fd0a0f7fd3b377373e8d3
- SHA256: 993841103742d791f4dbcdc75757bac6ac7fddf1eb50dcec5a72daddce44cc9e
- SHA512: 3bea81f5f96eae9abc8a6733c0220367e8664b2b2c15c4c663fa03fbf97663ec5becb2cfc3468c796757bfd33912880bd7900796b2da8f3387f629d2cbd606a3
- SSDEEP: 12288:vSmPwRYnOELz89OW+pPqwABljLt2EnS3KrNLr8StEotSnFKIFN:vSmP0Y74uPqwABlHtzSaaSLSnsiN
Static task
- static1
Behavioral task
- behavioral1
- Sample: 993841103742d791f4dbcdc75757bac6ac7fddf1eb50dcec5a72daddce44cc9e.exe
- Resource: win7-20231215-en
Malware Config
Extracted
- Family: formbook
- Version: 4.1
- Campaign: fr07
Targets
- Target: 993841103742d791f4dbcdc75757bac6ac7fddf1eb50dcec5a72daddce44cc9e.exe
Signatures
- Formbook payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext