General
-
Target
2420028d36da51aa0dae20755b04a555fd1fb943900b92694dd07b98a240fcf8
-
Size
330KB
-
Sample
241121-ysdx7azrfk
-
MD5
1aed40a6d6905d5925b73ed69e2abe5c
-
SHA1
9db9a82acad118dc6982aebbeafad0da4275761c
-
SHA256
2420028d36da51aa0dae20755b04a555fd1fb943900b92694dd07b98a240fcf8
-
SHA512
d081ffea933add3fc01fa413503a28c4b7ecbcabff7adecaa7be2b827de87b116e9b7c5d30c402a2a70a3bdd42590c604ff8c179f2135df71c461aad2618c65e
-
SSDEEP
6144:rGiWFJ+xCSNOoUApGXSgXra44WmkXOf21pNvdwSnNZ6hER+LtZwNANh:mc1peSyJTmOOydwSnNghEUN
Static task
static1
Behavioral task
behavioral1
Sample
2420028d36da51aa0dae20755b04a555fd1fb943900b92694dd07b98a240fcf8.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2420028d36da51aa0dae20755b04a555fd1fb943900b92694dd07b98a240fcf8.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
sktwcrbcw.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
sktwcrbcw.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
xloader
2.5
p2a5
Targets
-
-
Target
2420028d36da51aa0dae20755b04a555fd1fb943900b92694dd07b98a240fcf8
-
Xloader family
-
Xloader payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
-
-
Target
sktwcrbcw.exe
-
Size
168KB
-
MD5
e0e19fe43a0197178e47411ecac579d9
-
SHA1
df75c86efc582b3ae29dc024f1daf6355a039ccb
-
SHA256
9c9a983c1bf4fa89f56449f43b4cee03f21c707e517da90ee010d43ccb451388
-
SHA512
ce1792cfa792130031e46888bed40ff70c3c1d5713d99daae220c598d8705adf7367638615081db9f9b50e41981514a36eb5a554e5373ff6adc12c73869f8800
-
SSDEEP
3072:pORNym+dox03cMBQhqyo0mh2+WBBO08cs7EMBkeqCBW8:pNdoxYccQhqyo0q2rBBO0YoikNCo8
-
Score
3/10