General
Target: a731201c494158fd9f3b137b67db02ad541ff8faff0f4b26d66d5234027abb60
Size: 552KB
Sample: 241121-y565ha1ngl
MD5: 02d6a3b0f8437d346e9ac47c6e3c30db
SHA1: 6185990c7684ff45314341d2e8755bb165533308
SHA256: a731201c494158fd9f3b137b67db02ad541ff8faff0f4b26d66d5234027abb60
SHA512: f19c3652089ae32df42e1b2a04a0b6c56054c03d2c7997e9a81f5eb7f645ee9d64036e70e654086519d1dc200ae126a7877e0033d9568ab408be440d95e90373
SSDEEP: 12288:iq/y4yBO3/Zeis3jdciLS12l2SAWg9udOYOI5tw5fpDgg3u5JT:4z3jd3qpudOOChDggKJT
Static task: static1
Behavioral task: behavioral1
Sample: DOC09178236_20210922.exe
Resource: win7-20240903-en
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: ohi3
Decoy domains (Xloader configs carry a list of decoy domains that the bot contacts alongside its real C2; the extracted list does not identify the live server, so hunt on every entry and expect legitimate sites among them):
itaewonbrunchbar.com
spectrosam.com
vanita-bavaria.net
kovrikydoma.store
tilthespire.com
aichuanghuan.com
healingyourbodynaturally.com
1790thirdavenue.com
zollogistics.com
inden-shop.com
fmhra.online
blenbigs.com
ofedward.com
efootball2021-eventpesmob.com
sutas-tr.com
ampersandcraftsuk.com
roofingcompaniestampa247.com
whwkjmhy4f.com
gngifts.com
bellezamarket.store
ebusinessdesignsolutions.com
asianm.art
k88fujita6459.com
fangweima.net
wns12688.com
jbysxjy.com
poundtech.xyz
ehawkstech.com
gypxjn.space
arizonawireproducts.com
pearl-street-art.com
getgrantmoneygov.com
kristinaticklerealtor.com
hetland-development.com
searingsloxzb.xyz
stary-love.com
hablandoespanol.net
338700.com
tacobelliever.com
mediciborgaretto.com
greenworlder-holding.com
wenbaokang.com
paulanercanada.com
sonatapetiti.quest
13192glensidedrive.info
fivestardriving.school
045yu.xyz
bosbabetogel.com
estreetcars.com
crochetbycare.com
hubinternationalinnovation.com
jishangban.com
swooningheartsenterprises.com
scbcommunity.partners
maonagrana.com
servuscollection.com
tactical-gamers.com
droneinspectionpro.com
gazetnydom.com
scottturns30.com
vch.biz
shein.black
amlakcore.com
umldbe.xyz
cctassetmanagement.com
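The extracted domain list is only useful once it is matched against DNS or proxy telemetry with the usual normalisation (case, trailing dot, subdomains of a listed apex). The script below is an added example written for this report, not tria.ge code; it takes a handful of domains from the list above and runs them over constructed DNS client log lines whose format (timestamp, host, "query", name) is assumed for illustration. Because Xloader beacons to decoys as well as its real C2, a hit shows the infected host contacted a domain from this config, not that the domain is the live C2.

```python
"""Hunt for domains from the extracted Xloader config in DNS query logs.

Added example for this report, not tria.ge code. The log lines and their
layout are constructed for illustration; the domains come from the config
list above.
"""
from __future__ import annotations

import re
from typing import Iterable

# A subset of the extracted decoy list (the full config has ~80 entries).
CONFIG_DOMAINS = [
    "itaewonbrunchbar.com",
    "spectrosam.com",
    "whwkjmhy4f.com",
    "asianm.art",
    "scbcommunity.partners",
]


def build_domain_set(domains: Iterable[str]) -> set[str]:
    """Normalise config domains: lowercase, strip whitespace and trailing dots."""
    return {d.strip().lower().rstrip(".") for d in domains if d.strip()}


def _suffixes(name: str):
    """Yield the name and each parent: www.a.b.com -> www.a.b.com, a.b.com, b.com, com."""
    parts = name.split(".")
    for i in range(len(parts)):
        yield ".".join(parts[i:])


def match_query(qname: str, iocs: set[str]) -> str | None:
    """Return the config domain that qname equals or is a subdomain of, else None."""
    qname = qname.strip().lower().rstrip(".")
    for suffix in _suffixes(qname):
        if suffix in iocs:
            return suffix
    return None


# Assumed log layout (constructed): "<timestamp> <host> query <name>".
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) query (?P<qname>\S+)$")

# Constructed sample; not captured from the sandbox run.
SAMPLE_LOG = """\
2024-11-21T10:00:01Z WS01 query www.itaewonbrunchbar.com.
2024-11-21T10:00:02Z WS01 query update.microsoft.com
2024-11-21T10:00:03Z WS01 query whwkjmhy4f.com
2024-11-21T10:00:04Z WS02 query notspectrosam.com
2024-11-21T10:00:05Z WS02 query ScbCommunity.Partners
"""


def hunt(log_text: str, domains: Iterable[str] = CONFIG_DOMAINS) -> list[tuple[str, str, str]]:
    """Return (host, queried name, matched config domain) for every hit."""
    iocs = build_domain_set(domains)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        matched = match_query(m["qname"], iocs)
        if matched:
            hits.append((m["host"], m["qname"], matched))
    return hits


if __name__ == "__main__":
    for host, qname, ioc in hunt(SAMPLE_LOG):
        print(f"{host}: {qname} -> {ioc}")
```

Suffix matching is deliberate: `notspectrosam.com` must not match `spectrosam.com`, while `www.itaewonbrunchbar.com.` must. Before alerting on the full list, check each domain's current ownership and traffic baseline, since many Xloader decoys are ordinary sites that legitimate browsing will resolve.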
Targets
Target: DOC09178236_20210922.exe
Size: 734KB
MD5: 38cb740b60d846d2a14a49021a10e164
SHA1: 6d1b170fb830773cb750944938f2ada14499fd07
SHA256: d27692420e58cdd646e9a5bd19618387395ee4bc63d10bbe14fe3548e4546889
SHA512: 4a4a8f86e7fe559771d401766b4df2f9e194f670222156330f150d72677b92b353d27d8ab43aadd0facae1babc3603bf78bb6e714be559cd9e56294384bbc1ce
SSDEEP: 12288:hCmtiK5oKB2GisSjdcBL91Wl2sAzx9u7OSOI5ow5fpvgy2k:M+Fo62oSjd0nJw7OVChvgy2
This is the file the behavioral task executed. Its size and hashes differ from the submission listed under General, so match hash-based IOCs against whichever of the two files you actually hold.
Signatures
Xloader family
Xloader payload
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Deletes itself
Suspicious use of SetThreadContext
SetThreadContext is typically used to point a suspended thread at injected code (process hollowing or similar injection), so the Xloader payload is likely running inside another process than the dropped executable.
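The PowerShell signature above is the one a defender can most directly turn into a detection: Add-MpPreference and Set-MpPreference are the real cmdlets that add exclusions, and their -ExclusionPath, -ExclusionExtension and -ExclusionProcess parameters are the real parameter names. The script below is an added example for this report, not tria.ge code. It scans constructed events of two kinds (script block text as logged by PowerShell event 4104, and process command lines as logged by Sysmon event 1), decodes the -EncodedCommand / -enc / -ec / -e form that hides the cmdlet from a plain string match, and reports which exclusions were added. The event layout, the excluded paths and the use of the sample's file name are all constructed for illustration.

```python
"""Detect Windows Defender exclusion tampering in PowerShell telemetry.

Added example for this report, not tria.ge code. Cmdlet and parameter
names are real; the events below are constructed, not captured.
"""
from __future__ import annotations

import base64
import re

CMDLET_RE = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)

# One value: "double quoted", 'single quoted', or a bare token. Commas inside
# quotes are not handled (rare in exclusion values).
_VALUE = r'''(?:"[^"]*"|'[^']*'|[^\s,"']+)'''
EXCL_RE = re.compile(
    rf"-Exclusion(Path|Extension|Process)\s+({_VALUE}(?:\s*,\s*{_VALUE})*)",
    re.IGNORECASE,
)

# powershell.exe -EncodedCommand and its common abbreviations, followed by
# base64 of the UTF-16LE script text.
ENC_RE = re.compile(r"-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)


def decode_encoded_command(cmdline: str) -> str | None:
    """Return the decoded script if cmdline carries an encoded command, else None."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(1), validate=True)
    except ValueError:  # bad alphabet or padding; binascii.Error is a ValueError
        return None
    return raw.decode("utf-16-le", errors="replace")


def find_exclusions(script: str) -> list[tuple[str, str]]:
    """Return (kind, value) pairs when the script adds Defender exclusions."""
    if not CMDLET_RE.search(script):
        return []
    found = []
    for m in EXCL_RE.finditer(script):
        kind = m.group(1).lower()
        for item in re.split(r"\s*,\s*", m.group(2)):
            found.append((kind, item.strip("\"'")))
    return found


def scan_events(events: list[dict]) -> list[dict]:
    """events: {'id': 4104 (script block text) or 1 (Sysmon process create), 'text': str}.

    Returns one finding per event that adds exclusions, noting whether the
    command had to be decoded first.
    """
    findings = []
    for ev in events:
        decoded = decode_encoded_command(ev["text"]) if ev["id"] == 1 else None
        exclusions = find_exclusions(decoded if decoded is not None else ev["text"])
        if exclusions:
            findings.append({"id": ev["id"], "encoded": decoded is not None, "exclusions": exclusions})
    return findings


def _encode(script: str) -> str:
    """Build an -EncodedCommand argument the way powershell.exe expects it (UTF-16LE, base64)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample events (not from the sandbox run).
SAMPLE_SCRIPT = (
    'Add-MpPreference -ExclusionPath "C:\\Users\\Public" '
    '-ExclusionExtension ".exe", ".dll" -ExclusionProcess DOC09178236_20210922.exe'
)
SAMPLE_EVENTS = [
    {"id": 4104, "text": "Get-Process | Where-Object { $_.CPU -gt 100 }"},
    {"id": 4104, "text": SAMPLE_SCRIPT},
    {"id": 1, "text": "powershell.exe -nop -w hidden -enc " + _encode("Set-MpPreference -ExclusionPath $env:TEMP")},
    {"id": 1, "text": "powershell.exe Get-MpPreference"},  # read-only; must not alert
]


if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"event {f['id']} encoded={f['encoded']}: {f['exclusions']}")
```

Two checks are worth keeping in any production version of this: Get-MpPreference must not fire (it only reads settings), and the encoded form must be decoded before matching, because the cmdlet name never appears in the raw command line. Corroborate hits with Defender's own Operational log, which records configuration changes independently of PowerShell logging.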