Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Doc 07232412.bz
-
Size
589KB
-
Sample
240723-q7w4batbrr
-
MD5
72e3353b16259f70d7b0238ed3b0e6ad
-
SHA1
f5a403f1e3b53f5810e3e1be6897b568cb3d6a52
-
SHA256
dc5979d64d9ea41f929d14f4ca02dd29f5dac9c77b3e5584ad076d2f87b82704
-
SHA512
527798d5549787baec0287154f3ca92bd2fdb2389f7846936aaca5facdb1a17398466954039e244168639aa08edba56080da060c851e0a90aaec9062418702d4
-
SSDEEP
12288:aVtWFShMR3m+6ws68REMnV1435a+UlgNrO/AuMJsnEc2Q8qpW8cE:aVM3R3m+6wsvKMnVwcqY/2jdQhcE
Static task
static1
Behavioral task
behavioral1
Sample
Doc 07232412.exe
Resource
win7-20240704-en
Malware Config
Extracted
formbook
4.1
by21
digitalillusions.net
changeblue25.com
kitchenwoow.com
grupocontigoalimentacion.com
iranabr.com
embodiedmagic.com
superstoreszone.com
apartments-for-rent-46883.bond
kelbagnole.com
rideskratchlab.com
a06kng.club
saddlebredallstars.xyz
filepd.com
kxetdf.asia
dl39yy.com
jackedsearch.com
exodusprofessionaldetailing.com
ecommerce-40144.bond
uh3b94g3pyczi9t.skin
dcmcc635i.xyz
mifactura.info
suv-deals-36687.bond
technboost.shop
coroaabos.com
lexbd.asia
card-swiss.com
zerolength.com
autopro13-dz.com
hr-outsourcing-51978.bond
pylo.online
vdecorshop.com
rh-surplus.com
j20d.vip
5nujoom.com
nothing-but.online
oyuxjkoz.xyz
3040com.com
ntbar.online
mpics.net
tacticalbirds.com
qwmu.asia
ahotbuyweb.com
fvbzx.xyz
thebjcam.com
ikbim.rest
directfunds.network
soitaxi.com
hypecoin.xyz
bt365819.com
aidiventures.com
coastwindowcleaninginc.com
pinup-adwise.top
prjctbestia.store
51272941.com
mubozest.com
teneriferedtape.com
hopeandshop.online
m9eytjkm46lzbln.skin
tehtarik8.com
00050131.xyz
leacarat.net
depression-test-20232.bond
aidhubamerica.com
alihz.asia
ahenkalacati.shop
Targets
-
-
Target
Doc 07232412.exe
-
Size
637KB
-
MD5
d44cbc7808ef4ca0e9007ed7812ac54c
-
SHA1
3562886c50d64e72079e0bad936c065027acb6f1
-
SHA256
eb9de075c6c5ac3dae5ec163fe9d8abeccf9edc3bdeed05364dcacf64c9550d2
-
SHA512
6c256b5c66177a5dee6bc769c8fa782834feefdc584beeb503f89e0cedbc23a88dd98976774f0839765efeb137b1a87ffb71ff36659e560777f33601340816f4
-
SSDEEP
12288:WdwwoIc0QIH2j0ocLX6NBxa3+SYOhAbp8FCTzcDxuN+wsv5/s2cxkOxW/t+BA:WywoIc0QIH2EiBcPQTTzIuN+vv5ixW/e
-
Formbook payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Suspicious use of SetThreadContext
-