Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
13441db4f2c8574a8d90d1b5167b1f4b81bbdcd77a1e0ba44517017874d02618
-
Size
1.3MB
-
Sample
250109-zyzbra1mez
-
MD5
0d5d79a8b715e13a26e6579f1d47c0d7
-
SHA1
408402dcc517ab7be7957ff867b7464cc1465334
-
SHA256
13441db4f2c8574a8d90d1b5167b1f4b81bbdcd77a1e0ba44517017874d02618
-
SHA512
d2642be20a3f7114ee1caec6253caebdb213709590ba14051391eb72f0f10018fa634db5ff735a88e9ff2aefdf5af208bd3cadb5b2dec070bee8bbd7decded05
-
SSDEEP
24576:KngpIDsJ34JbFQ4YBolrs08Qt/horbWgMhSpA6+jzfievtzAQSX1:KnYmscQ4goBsmYBMkuNjm4tuX1
Static task
static1
Behavioral task
behavioral1
Sample
13441db4f2c8574a8d90d1b5167b1f4b81bbdcd77a1e0ba44517017874d02618.xlsx
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
13441db4f2c8574a8d90d1b5167b1f4b81bbdcd77a1e0ba44517017874d02618.xlsx
Resource
win10v2004-20241007-en
Malware Config
Extracted
formbook
4.1
hwu6
lf758.vip
locerin-hair.shop
vytech.net
pet-insurance-intl-7990489.live
thepolithat.buzz
d66dr114gl.bond
suv-deals-49508.bond
job-offer-53922.bond
drstone1.click
lebahsemesta57.click
olmanihousel.shop
piedmontcsb.info
trisula888x.top
66sodovna.net
dental-implants-83810.bond
imxtld.club
frozenpines.net
ffgzgbl.xyz
tlc7z.rest
alexismuller.design
6vay.boats
moocatinght.top
hafwje.bond
edmaker.online
simo1simo001.click
vbsdconsultant.click
ux-design-courses-53497.bond
victory88-pay.xyz
suarahati7.xyz
otzen.info
hair-transplantation-65829.bond
gequiltdesins.shop
inefity.cloud
jeeinsight.online
86339.xyz
stairr-lift-find.today
wdgb20.top
91uvq.pro
energyecosystem.app
8e5lr5i9zu.buzz
migraine-treatment-36101.bond
eternityzon.shop
43mjqdyetv.sbs
healthcare-software-74448.bond
bethlark.top
dangdut4dselalu.pro
04506.club
rider.vision
health-insurance-cake.world
apoppynote.com
11817e.com
hiefmotelkeokuk.top
sugatoken.xyz
aragamand.business
alifewithoutlimits.info
vibrantsoul.xyz
olarpanels-outlet.info
ozzd86fih4.online
skbdicat.xyz
cloggedpipes.net
ilsgroup.net
ptcnl.info
backstretch.store
maheshg.xyz
7b5846.online
Targets
-
-
Target
13441db4f2c8574a8d90d1b5167b1f4b81bbdcd77a1e0ba44517017874d02618
-
Size
1.3MB
-
MD5
0d5d79a8b715e13a26e6579f1d47c0d7
-
SHA1
408402dcc517ab7be7957ff867b7464cc1465334
-
SHA256
13441db4f2c8574a8d90d1b5167b1f4b81bbdcd77a1e0ba44517017874d02618
-
SHA512
d2642be20a3f7114ee1caec6253caebdb213709590ba14051391eb72f0f10018fa634db5ff735a88e9ff2aefdf5af208bd3cadb5b2dec070bee8bbd7decded05
-
SSDEEP
24576:KngpIDsJ34JbFQ4YBolrs08Qt/horbWgMhSpA6+jzfievtzAQSX1:KnYmscQ4goBsmYBMkuNjm4tuX1
-
Formbook family
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-