General
Target: 04072024_0308_03072024_waybill_shipping_documents_original_BL_CI&PL_03_07_2024_00000000_doc.7z
Size: 15KB
Sample: 240704-dm2f3stbma
MD5: eb808525398bb89826b47b550c343faf
SHA1: 58e43e5d424fb517b6467c9784d2f0c60925e744
SHA256: cbeaa69112438979b62158313337d7adca7208826cd4ce4ab19504bb0897bae4
SHA512: 63424805de2d30840d69d251b4f87533bbb48a90bb9a148835765df5a32cb1d566886fbed32e0f0cebff70c3b42e30c44e974caa259fd5d74971bf9e60aca237
SSDEEP: 384:tyPtoWoYlw1IB7wJ+zgwoOGnPaB1ZH0G+P7BtS8B/HfXwe+/5:tWyECcwJPnPaB1ZBS7Z/XZI5
Static task: static1
Behavioral task: behavioral1
  Sample: waybill_shipping_documents_original_BL_CI&PL_03_07_2024_00000000_doc.vbs
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: waybill_shipping_documents_original_BL_CI&PL_03_07_2024_00000000_doc.vbs
  Resource: win10v2004-20240611-en
Malware Config
Targets
Target: waybill_shipping_documents_original_BL_CI&PL_03_07_2024_00000000_doc.vbs
Size: 26KB
MD5: 503813637a43724a817bf18d9f8b6610
SHA1: c44800bcab2246b8cea09d9c8e8b56d461a634cc
SHA256: 027478d4f38530836abfa6819748b88b4b540d0a27090903d697a5d3e555535e
SHA512: 486ac7e3b46725c0da9f27051d6b657a59746a99d2788ccf971096ab8b920dcb3547acc320ca83d064a639694f992b917705bfb839729ac3473237a12ce2bb4e
SSDEEP: 384:VBlzV6m2So022lGP9V6+s0flKJpl/5ZrE5HVnS0Re7PIx+5lEPmgww74LKQKhOAp:ZzSR022X/523S0e8xPPm+Tmq5qPtxhgz
Score: 10/10
NirSoft MailPassView: Password recovery tool for various email clients
NirSoft WebBrowserPassView: Password recovery tool for various web browsers
Nirsoft
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Accesses Microsoft Outlook accounts
Adds Run key to start application
Suspicious use of NtCreateThreadExHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext