Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

GOLAYA-PHOTO.exe

windows7-x64

8

GOLAYA-PHOTO.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    92d513b02d847c14f78403d1fdc8b9dac55623dbb0f3f45db576059b39f36709

  • Size

    128KB

  • Sample

    220919-ce8prabfh2

  • MD5

    397dc819f398d4db9ff8abe75d322c3f

  • SHA1

    94da4a69f887b03a517e3cd06661d47f48279928

  • SHA256

    92d513b02d847c14f78403d1fdc8b9dac55623dbb0f3f45db576059b39f36709

  • SHA512

    79cb60d8f71cc799bf515a6de2d27588a27b0245213b8e1e6592453821e4715a3f928ba97ff69295743e91a218d9b54c314d78ecffb094f72a6c5c164c13d1db

  • SSDEEP

    3072:lnHXMpxcGxFyhQ0bOqYoxIcEWubRRWIhQ/WD5K969+a:JHmGY/o0o+hBbR5hQODo96Ia

Score
8/10
discovery

Malware Config

Targets

    • Target

      GOLAYA-PHOTO.exe

    • Size

      239KB

    • MD5

      759cb81096a6fde1b9ede08255248159

    • SHA1

      cff5496d52b61098a04251c050c6e04b5ad13178

    • SHA256

      9a00a517d51a4750fefc9fa7bb471a7ab9de1fbaf3d37ade6442682987a628a9

    • SHA512

      8c44879a5a58addae21e521a87b5a3c6a466abb71dfc7e3db3026331f6b49cbbc27df4fc8f9e74cfcc1e69e64660bfd5cb3a0bf7096e48a385b9fa9df06c3794

    • SSDEEP

      3072:QBAp5XhKpN4eOyVTGfhEClj8jTk+0hijkEDboYxU044U/1K+Cgw5CKHy:HbXE9OiTGfhEClq9YEXoyDjURJJUy

    Score
    8/10
    discovery

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks