Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
RFQ # PC25-1301.xlsx
-
Size
1.8MB
-
Sample
250114-gc411azqfn
-
MD5
0792874afc518221f07574f95f43f5ef
-
SHA1
a4d7f0552e1fff852db8b27e1409bdbf4bc46244
-
SHA256
161e3b6200af955772e00be88646b3c6332faca2e9867eedd9c41cc5a1b62876
-
SHA512
67896688ea410a2af33d3936dbf913e6b1941f826dc40cbe1bf29f96a0b8dc4b1595f7d1e74738de2bc891006f3327616a7f607d0adc077d62ac4a380f3e1d5b
-
SSDEEP
49152:kTiDS2iZYJTg+uFfcdD+3GkdQFzhccnYmmAQd2:kmugO+6fV3GkdQdnhR
Static task
static1
Behavioral task
behavioral1
Sample
RFQ # PC25-1301.xlsx
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
RFQ # PC25-1301.xlsx
Resource
win10v2004-20241007-en
Malware Config
Extracted
formbook
4.1
hwu6
lf758.vip
locerin-hair.shop
vytech.net
pet-insurance-intl-7990489.live
thepolithat.buzz
d66dr114gl.bond
suv-deals-49508.bond
job-offer-53922.bond
drstone1.click
lebahsemesta57.click
olmanihousel.shop
piedmontcsb.info
trisula888x.top
66sodovna.net
dental-implants-83810.bond
imxtld.club
frozenpines.net
ffgzgbl.xyz
tlc7z.rest
alexismuller.design
6vay.boats
moocatinght.top
hafwje.bond
edmaker.online
simo1simo001.click
vbsdconsultant.click
ux-design-courses-53497.bond
victory88-pay.xyz
suarahati7.xyz
otzen.info
hair-transplantation-65829.bond
gequiltdesins.shop
inefity.cloud
jeeinsight.online
86339.xyz
stairr-lift-find.today
wdgb20.top
91uvq.pro
energyecosystem.app
8e5lr5i9zu.buzz
migraine-treatment-36101.bond
eternityzon.shop
43mjqdyetv.sbs
healthcare-software-74448.bond
bethlark.top
dangdut4dselalu.pro
04506.club
rider.vision
health-insurance-cake.world
apoppynote.com
11817e.com
hiefmotelkeokuk.top
sugatoken.xyz
aragamand.business
alifewithoutlimits.info
vibrantsoul.xyz
olarpanels-outlet.info
ozzd86fih4.online
skbdicat.xyz
cloggedpipes.net
ilsgroup.net
ptcnl.info
backstretch.store
maheshg.xyz
7b5846.online
Targets
-
-
Target
RFQ # PC25-1301.xlsx
-
Size
1.8MB
-
MD5
0792874afc518221f07574f95f43f5ef
-
SHA1
a4d7f0552e1fff852db8b27e1409bdbf4bc46244
-
SHA256
161e3b6200af955772e00be88646b3c6332faca2e9867eedd9c41cc5a1b62876
-
SHA512
67896688ea410a2af33d3936dbf913e6b1941f826dc40cbe1bf29f96a0b8dc4b1595f7d1e74738de2bc891006f3327616a7f607d0adc077d62ac4a380f3e1d5b
-
SSDEEP
49152:kTiDS2iZYJTg+uFfcdD+3GkdQFzhccnYmmAQd2:kmugO+6fV3GkdQdnhR
-
Formbook family
-
Formbook payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-