General
-
Target
b9f1b6b390e993702fc4638b3aa7bc0ff497cb7b1d7d48862fdf7c17ea2564e6
-
Size
232KB
-
Sample
241121-ync54awkhw
-
MD5
33023bebebf39f42483d60b9f41ee523
-
SHA1
7915afd15fa219f317afc83006300d77aac3857a
-
SHA256
b9f1b6b390e993702fc4638b3aa7bc0ff497cb7b1d7d48862fdf7c17ea2564e6
-
SHA512
c00333773a1c50d5e945863864361e2e55e46bcbe15c9cee0683beea3b5c7648f471fd5dd8f5cda9c24bb764fb0616c3d6a23bf2265abcd7d985a8e14ab116a0
-
SSDEEP
6144:rqSDbkLowPXPRBOWqHxHN8aLVh85dJQrv1DJBWDKvgwE4JnMaUD:2SoyHxHyUVO3AtVBWKvgEMaK
Static task
static1
Behavioral task
behavioral1
Sample
2575df47e8e09da1f99edde3c9533468c1c76e271e354323bb410aab1bd5f02f.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
2575df47e8e09da1f99edde3c9533468c1c76e271e354323bb410aab1bd5f02f.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
qmhzftyxd.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
qmhzftyxd.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
xloader
2.5
rbrt
Targets
-
-
Target
2575df47e8e09da1f99edde3c9533468c1c76e271e354323bb410aab1bd5f02f
-
Size
244KB
-
MD5
ab56d27ab05f380a166ee2b9409a759b
-
SHA1
8fbda847f0969523042a9e9a0e1b2ce36e81d749
-
SHA256
2575df47e8e09da1f99edde3c9533468c1c76e271e354323bb410aab1bd5f02f
-
SHA512
6d824d2b1fc82298fe4b6d5bf735f3c88c272ed42134396a398481157812e1cd706ad915da4a7e64c7941e1898bbb0c8cf6c92602dd976618c270602e4a4a334
-
SSDEEP
6144:rGiK7P9Xjv4UPOth6tT+fzQrEdGUzlAsLRvDkE73Fb5iptZx9s:81XjO76Z+srE0URAkv7Gpt9s
-
Xloader family
-
Xloader payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
-
-
Target
qmhzftyxd.exe
-
Size
4KB
-
MD5
2281c1ed86f831c1fe3e0e9605f27b67
-
SHA1
492dce2fdc0859857277e4a4ac3b9bd6eb3cf966
-
SHA256
f7396efdcbc39e94a112ca8086d845b52ecbd9195516c9c9eff55491eee9f664
-
SHA512
be68d2f3eaa905172ebfc325320d86143ea84f31791b348a9e3b7004d3b2dc4c499f7d5e0f19419ae2d7be0d9277ea69876784214480dca120240abbe60ddc36
-
SSDEEP
48:S+NGKNw3WqIvYoPPhCO3Rq7IOdCVTnmquFRuqS:ZdqIv3pRQIOUVkfx
Score 3/10