Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
93aeb18c52bece32042f39cbce6994036ac8556043fdc335bb3fc1453ce8d74f.exe
-
Size
680KB
-
Sample
240711-b7zrwavbmg
-
MD5
207011f0f9e2d8c3ef2d256aa44286b7
-
SHA1
32239c8cdcbc135cadbccfa0ca93312e6a9a8e71
-
SHA256
93aeb18c52bece32042f39cbce6994036ac8556043fdc335bb3fc1453ce8d74f
-
SHA512
7083c82523316980514e9b615e349b3018605f2e02388fb259607248f0f40fa506e279e38fa7d6b8d8249c49f6cc5d9006b2d78b504512ad9ef8106493bb987c
-
SSDEEP
12288:1Vwp0xC0kU60d7djPR7SCVlxVaPi0xAbY/uVHCJ+yTZ:vwpECfedjPR7SElxVii4AbY/ulMT
Static task
static1
Behavioral task
behavioral1
Sample
93aeb18c52bece32042f39cbce6994036ac8556043fdc335bb3fc1453ce8d74f.exe
Resource
win7-20240705-en
Malware Config
Extracted
formbook
4.1
45er
depotpulsa.com
k2bilbao.online
bb4uoficial.com
rwc666.club
us-pservice.cyou
tricegottreats.com
zsystems.pro
qudouyin6.com
sfumaturedamore.net
pcetyy.icu
notbokin.online
beqprod.tech
flipbuilding.com
errormitigationzoo.com
zj5u603.xyz
jezzatravel.com
zmdniavysyi.shop
quinnsteele.com
522334.com
outdoorshopping.net
7140k.vip
appmonster.live
rvrentalsusane.com
berry-hut.com
h-m-32.com
aklnk.xyz
project.fail
thelbacollection.com
ternkm.com
331022.xyz
qhr86.com
casvivip.com
f661dsa-dsf564a.biz
holisticfox.com
taobaoo03.com
kursy-parikmaher.store
reignscents.com
wot4x4.com
axoloterosa.com
instzn.site
nn477.xyz
jwsalestx.com
cualuoinuhoang.com
sagehrsuiteindercloud.solutions
2ecxab.vip
lottery99nft.xyz
budakbetingbet43.click
plaay.live
drmediapulsehub.com
bahismax.com
clareleeuwinclark.com
clarimix.com
ssongg11913.cfd
shapoorji-kingstown.com
detoxifysupplements.info
easy100ksidegig.com
abramovatata.online
barillonfo.net
keendeed.com
yunosave.online
pptv05.xyz
malianbeini.net
polariscicuit.com
sahibindencomparamguvend.link
used-cars-99583.bond
Targets
-
-
Target
93aeb18c52bece32042f39cbce6994036ac8556043fdc335bb3fc1453ce8d74f.exe
-
Size
680KB
-
MD5
207011f0f9e2d8c3ef2d256aa44286b7
-
SHA1
32239c8cdcbc135cadbccfa0ca93312e6a9a8e71
-
SHA256
93aeb18c52bece32042f39cbce6994036ac8556043fdc335bb3fc1453ce8d74f
-
SHA512
7083c82523316980514e9b615e349b3018605f2e02388fb259607248f0f40fa506e279e38fa7d6b8d8249c49f6cc5d9006b2d78b504512ad9ef8106493bb987c
-
SSDEEP
12288:1Vwp0xC0kU60d7djPR7SCVlxVaPi0xAbY/uVHCJ+yTZ:vwpECfedjPR7SElxVii4AbY/ulMT
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-