General
Target: 9970eba38e5e7952be87aa4b2e3c8469eee16dfad3e788f88c6b9b07bf49b24a
Size: 293KB
Sample: 241121-ytaxxswmft
MD5: 5d9340c91877bbe155ef607f75d50e05
SHA1: 25ba2c222817a2372c23a0d1c3997c1e10db2528
SHA256: 9970eba38e5e7952be87aa4b2e3c8469eee16dfad3e788f88c6b9b07bf49b24a
SHA512: 61cccf5d2b75b2cf383aaed0b0da0c4c0ef04f5e24969ae7cfb0e5c06e8b33833115383976a714371384fd9cd54999065241755b6263ae5175018fba8e9cb027
SSDEEP: 6144:n0Rx1kQTM0Z1fJ9XhFdk9fBqe4Q8S0Om9Dh0thNRt3R854OD:0Rx1WUR9xFd410d5CtyF
Static task
static1

Behavioral task
behavioral1
Sample: f42692e58c63c0e14de4ce2bb31a92cb1bc5dbb11d0989f1619778fd4b7e2c5a.exe
Resource: win7-20240903-en

Behavioral task
behavioral2
Sample: f42692e58c63c0e14de4ce2bb31a92cb1bc5dbb11d0989f1619778fd4b7e2c5a.exe
Resource: win10v2004-20241007-en

Behavioral task
behavioral3
Sample: tppxqd.exe
Resource: win7-20240903-en

Behavioral task
behavioral4
Sample: tppxqd.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: xloader
Version: 2.5
Campaign: op53
C2 domains:
salamdiab.com
pysznepay.com
braktonem.quest
z5jgazn.xyz
jungleking.online
for2play.com
organizedkay.com
bitsgifts.com
autobras.online
paghosting.net
waltersswholesale.com
seculardata.com
hsa-attorneys.com
genyuandl.com
metalcorpperu.com
jasbellyfusion.com
weddingtowifepodcast.com
69xibao.xyz
dsp-energe.com
jantfencingandsheds.com
neurosise.com
equito.agency
drivelingo.com
cpybc.com
xcybook.com
accountingsoftwaresusweb.com
balatonartcenter.com
aaronlala.store
fourcrestaurant.com
024labs.com
mypartners-april-investors.com
979511.com
curatedcraze.com
mokkaoffice.com
jlhvz.com
longlastingoil.com
moniqueroerdink.online
nowosee.com
tinturas-plantas.com
gbnagkvr.xyz
chrisdaughtryfans.com
trinsity-solsar.com
xn--80ajy8a.xn--80asehdb
metaverseloot.club
certipsy.com
bez-part-ufa.xyz
cq396.com
blantontransport.com
liberatoreshepherds.com
arcade24d.biz
thehelloloveshop.com
cindercapacitacion.com
garageair.agency
wakasenninshikirenaitechnic.com
aleksandartaskov.com
oakiedokies.com
xfdtiz.xyz
tecnophone.net
bctransporter.net
deluxeinterior.design
futureoneafrica.tv
uniquesi.com
novregen.com
macadamangel.com
detentionart.com
Targets

Target: f42692e58c63c0e14de4ce2bb31a92cb1bc5dbb11d0989f1619778fd4b7e2c5a
Size: 367KB
MD5: 2818c9adb483309e0d5b2515b41a1507
SHA1: 6f30bfff6c27aef73be247dfd2333b6845876afc
SHA256: f42692e58c63c0e14de4ce2bb31a92cb1bc5dbb11d0989f1619778fd4b7e2c5a
SHA512: b8b212bf7f7d0f28608681a3a65ec696f1f302aefc8fb1e37ff53df07e6b3a7a3a7f5650ddd0b897f7681a892129feebebc968deddb279c1808a7154d1128b19
SSDEEP: 6144:TGiSUQepf9SGF0VBfXxG6xbXKJArYr0hOZg2guur3Hw03:mUd132BvIObXKeYohGLI3R3
Signatures:
Xloader family
Xloader payload
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext

Target: tppxqd.exe
Size: 114KB
MD5: 3a4bc4e7fa9caf7ebc996222816d9ec2
SHA1: 15e37286a7982a35092559743e7a2aadb2300a64
SHA256: 56cd59981b0b8cf25d7d51c96b1cba9e300bc002a01030a08eb58ea30c015ef7
SHA512: 26c6481987b859922c504fdc353cc1819943d9fbecea38cb01b0c708566788aca4fa5ff56c3e8f7a12be9be10dbbaca517f7423c00eb79d494cc83996a67b448
SSDEEP: 3072:A28njJvoy4CBdK/v+rm2LM+bGqEc1oQAoo7tB1cgh:x8njCJCBdKH+r2qEUoQ2
Score: 3/10
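Added example, not part of the Triage report: a Python script that turns the extracted xloader 2.5 / op53 config and the file hashes above into detection artifacts. The 65 C2 domains, the family, version and campaign values and the SHA-256 values are copied from the report; the Suricata SID range (9000000+) and the DNS resolver log lines are constructed for this illustration. One caveat for whoever consumes the list: XLoader, like FormBook before it, pads its configuration with decoy domains, so a lookup of any listed name is a good detection signal, but which of them the live C2 is must be confirmed from actual traffic rather than from the config alone.

```python
"""Detection artifacts from the XLoader 2.5 / op53 config above.

Added example, not part of the Triage report. C2 list, family, version,
campaign and SHA-256 values are from the report; the Suricata SID range and
the DNS log lines are constructed.
"""
import hashlib
import re

# The 65 C2 domains exactly as listed in the extracted config.
EXTRACTED_C2 = """
salamdiab.com pysznepay.com braktonem.quest z5jgazn.xyz jungleking.online
for2play.com organizedkay.com bitsgifts.com autobras.online paghosting.net
waltersswholesale.com seculardata.com hsa-attorneys.com genyuandl.com
metalcorpperu.com jasbellyfusion.com weddingtowifepodcast.com 69xibao.xyz
dsp-energe.com jantfencingandsheds.com neurosise.com equito.agency
drivelingo.com cpybc.com xcybook.com accountingsoftwaresusweb.com
balatonartcenter.com aaronlala.store fourcrestaurant.com 024labs.com
mypartners-april-investors.com 979511.com curatedcraze.com mokkaoffice.com
jlhvz.com longlastingoil.com moniqueroerdink.online nowosee.com
tinturas-plantas.com gbnagkvr.xyz chrisdaughtryfans.com trinsity-solsar.com
xn--80ajy8a.xn--80asehdb metaverseloot.club certipsy.com bez-part-ufa.xyz
cq396.com blantontransport.com liberatoreshepherds.com arcade24d.biz
thehelloloveshop.com cindercapacitacion.com garageair.agency
wakasenninshikirenaitechnic.com aleksandartaskov.com oakiedokies.com
xfdtiz.xyz tecnophone.net bctransporter.net deluxeinterior.design
futureoneafrica.tv uniquesi.com novregen.com macadamangel.com detentionart.com
""".split()

# SHA-256 values from the report, keyed to what the report calls each file.
KNOWN_SHA256 = {
    "9970eba38e5e7952be87aa4b2e3c8469eee16dfad3e788f88c6b9b07bf49b24a": "submitted sample 241121-ytaxxswmft",
    "f42692e58c63c0e14de4ce2bb31a92cb1bc5dbb11d0989f1619778fd4b7e2c5a": "f42692e58c63c0e14de4ce2bb31a92cb1bc5dbb11d0989f1619778fd4b7e2c5a.exe",
    "56cd59981b0b8cf25d7d51c96b1cba9e300bc002a01030a08eb58ea30c015ef7": "tppxqd.exe",
}

# Constructed resolver log, "timestamp client qname"; not from the report.
SAMPLE_DNS_LOG = [
    "2024-11-21T10:00:01Z 10.0.0.5 www.example.com",
    "2024-11-21T10:00:02Z 10.0.0.5 SALAMDIAB.COM",
    "2024-11-21T10:00:03Z 10.0.0.7 cdn.notjlhvz.com",
    "2024-11-21T10:00:04Z 10.0.0.7 mail.jlhvz.com.",
    "2024-11-21T10:00:05Z 10.0.0.9 xn--80ajy8a.xn--80asehdb",
]

_DOMAIN = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}")


def normalize_c2(domains):
    """Lowercase, strip trailing dots, drop duplicates and malformed entries; sorted."""
    clean = {d.strip().lower().rstrip(".") for d in domains}
    return sorted(d for d in clean if _DOMAIN.fullmatch(d))


def to_unicode(domain):
    """Display form of a punycode (xn--) name; plain ASCII names come back unchanged."""
    return domain.encode("ascii").decode("idna")


def suricata_dns_rules(domains, sid_base=9000000):
    """One DNS-query alert per C2 domain. content/endswith is the fast prefilter;
    the pcre anchors the label boundary so notjlhvz.com does not fire for jlhvz.com."""
    return [
        f'alert dns $HOME_NET any -> any any (msg:"XLoader 2.5 op53 C2 DNS query {d}"; '
        f'dns.query; content:"{d}"; nocase; endswith; pcre:"/(^|\\.){re.escape(d)}$/i"; '
        f'sid:{sid_base + n}; rev:1;)'
        for n, d in enumerate(domains, start=1)
    ]


def find_c2_lookups(log_lines, c2):
    """(client, qname, c2) for every query of a C2 domain or of a subdomain of one."""
    hits = []
    for line in log_lines:
        _ts, client, qname = line.split()
        q = qname.lower().rstrip(".")
        for d in c2:
            if q == d or q.endswith("." + d):
                hits.append((client, qname, d))
                break
    return hits


def identify_by_sha256(data):
    """Report label for a byte blob whose SHA-256 is in the report, else None."""
    return KNOWN_SHA256.get(hashlib.sha256(data).hexdigest())


C2 = normalize_c2(EXTRACTED_C2)
RULES = suricata_dns_rules(C2)
HITS = find_c2_lookups(SAMPLE_DNS_LOG, C2)

if __name__ == "__main__":
    print(f"{len(C2)} C2 domains, {len(RULES)} Suricata rules")
    for client, qname, d in HITS:
        print(f"C2 lookup from {client}: {qname} -> {d} ({to_unicode(d)})")
```

Two details worth noticing when running it: `cdn.notjlhvz.com` is not reported even though it ends in `jlhvz.com`, which is the same boundary problem a bare `content; endswith` Suricata match would have and the reason the generated rules add an anchored `pcre`; and the one punycode entry, `xn--80ajy8a.xn--80asehdb`, decodes to a Cyrillic name under the `.онлайн` TLD, so blocklists that only carry the Unicode form would miss it.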