Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
13/08/2024, 13:51
General
-
Target
eb3a413a0c429934a855be955e984dc0N.exe
-
Size
1024KB
-
MD5
eb3a413a0c429934a855be955e984dc0
-
SHA1
f3e72d00c9cdfeb200eeb1216fa05000e809a462
-
SHA256
da5e0937154966ad0f773e1c91e0116099c51fe15a745a7f2ed3857cd1aa9101
-
SHA512
80b4e899656e8dbc961034a5f01cc0a78e01534b699b6768a81132b53302514ad07e41e76d1faf43cfc5086e685f1cc5e60fa6f59a7ae4e46415db31f32ba14c
-
SSDEEP
24576:bVexEpFDcLc1N6/1hZ+1YhXODdwq4JEWCbtyLdw6cEcK:btN6N2jELdw6
Malware Config
Extracted
formbook
3.9
mr8
art-burger34.com
childcareos.com
bernardo.gallery
sadocdecoracionsl.com
xn--jh1as32a9kco1c.com
foodidelivery.com
chicagolandhomeswitharacely.com
eastbayprep.com
fohcoflooring.com
bororedsfootballacademy.com
xrip.ltd
free-boyband-tickets.win
hongxinmuju.com
kkkk030.com
camilaigor.com
graveber.com
botuoi88.com
aerostarmc.com
vapewerx.com
e-daftar.com
Signatures
-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Formbook payload 1 IoCs
-
Drops file in System32 directory 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 25 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\eb3a413a0c429934a855be955e984dc0N.exe"C:\Users\Admin\AppData\Local\Temp\eb3a413a0c429934a855be955e984dc0N.exe"1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD57b338957a36bcb7624e4806df3426d72
SHA15c39cda9a5ba1656f851ceefe91c902c9b8fad86
SHA2564c2e681b01e61032e68b5a262669d08c4d66bb6e720420e6267efaadcd1323f6
SHA5122706e79f76213144daa5f5e35100294ede605b996913de20f59c4cacc53d09f826d3dca88be363313b03f8ed33e5212b2754725ebbe968f4c781455e5656e741
-
Filesize
342B
MD55449557e1c63b52f4b2ca8e0718a3c3d
SHA17a994aa839f333c9930973d64b33e09472eb58aa
SHA2569af1da9e21eeea2a40d2303bfdb9c65637db32c1ff88fd149493344b648ce56a
SHA512e83fa36a5c23c0ca64b8cb23b8054c48d54a144c2ee06c4c125ed7351219dd1098a6cfc0b455e16206c8be870b366a0a1293ad6a99c39fb4e32d56e3f3e20d15
-
Filesize
342B
MD528314e37a7d56f483f706492c5a03b16
SHA1223567544f83bacf124c8f6043a6dc03d5ddfcbd
SHA25632143dbedae9ac871b4c7b438ed98450b97d52dbc9fa43166c4db838a18bca3a
SHA512d4ec1bc254cb9cb9bc00febcdb3cf3604cbc1326c8a42e4a8a97f1f7a69b40450b78a0717039a4282d93ea9b62a1a472cb34df5a33d74ac276e7f71f95eb0ae5
-
Filesize
342B
MD5114069b177eb3cfbd305559e5483a0b5
SHA120baed5cb180f4298227014be824a37ba8eee6a9
SHA256b54d19713853a112bd5eb213e59d005e3d4ff8eda29101dec74c8a9e7afbf236
SHA512538ef642e6cf07138c8ed5bad626b9bafb28a94eea020c78e114e122f8d91eaf93940259f5752e4decb60e4b37227711c9cedb0f57ffb2869460051c8bf2d8dc
-
Filesize
342B
MD575b2fc42844c1661b25b361050d157b5
SHA14eda49f483a67cf9695dee0797b521887443f57e
SHA25604e2b89cc154b834fda47404788a48747069cd4d98aa1d5687a1973838f90ab6
SHA51293180f460bce11b635d55e100746404ffdfe6b9052134c53433f3fb73da5701eceec29a878711e4025d89f93d9a3cbe18970e5c09cdacc3fe290fe455086e50a
-
Filesize
342B
MD5cf08df7f3bc0b569760285cd7464dbe8
SHA1c9994a704221b0cceb806d649f287f1ee0970258
SHA25663ae35fa6f1f619975102ac5115e9ff3fc064cd6885d1a8fe97d947209b7a8fe
SHA5124535981b2915bcf9b80edb71e7dea7b7d6d241695b516f63e0e47680475ecfc9e63ff96ee3c54a6f6c5e2deedd16659996048fcc6b891a62f2b09dddc377e451
-
Filesize
342B
MD5d8aa9a0a87359a71dad813e6b7bb98a5
SHA1f584989ec0195f69537d2dbcf3764be2c4ae01c1
SHA25641288c4ade4fe821d274ff398627e4209027e2ae1e054d3a932cb0efef649873
SHA5120c38a093bf2fa2c41069e6e09f89996cc8950761ce524b0fb09791406966dab4531724fa0c0514789cd2863a827cd554f3cc38229ceb0b308c9ea24e107462a0
-
Filesize
342B
MD52e694913a97e538ede841c7c6e162268
SHA114c77f1b383d5e011c7a58bc40e8405a69ac2e57
SHA256aaddf5d3a55581ae1aa6c4128d7ee344069133b63222940a0ef1348c910bbdd1
SHA51294e354cea568cca2f9d9b5b6b269f167a0ce48c4ad5376e7cfec74d8e8aeece18d4c129bb18804d0bfc7e0ff95e9b78fb40653628a3692d84ee88fd599c80b7d
-
Filesize
342B
MD56ca1ac295129501e46eba5278cb5870d
SHA14e60a10f4ba94ba35421f21ed35ef4cf7e4e7cbe
SHA2560158d1af63840878b5fcc9f93150b436aaa3af86679da60b4806712d90211988
SHA5129b4ffb1762a2456ee2d5bdaf3d52b0065cd666b0db6e430afccd94c9d0e0f9368bda8b3f0fc98ee1dbe1359b2aa0f7e3065f186e8f71dcea9f8679fa39ffec1e
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
1.0MB
-
Filesize
200KB
-
Filesize
3.0MB
-
Filesize
1.0MB
-
Filesize
200KB
-
Filesize
8KB