Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

PHOTO-GOLAYA.exe

windows7-x64

8

PHOTO-GOLAYA.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    473777496948ed3ad71ece26a5e5bd47fdc674ed4c4201d1c1f562ec4233e5d3

  • Size

    84KB

  • Sample

    220919-vky2lshfc5

  • MD5

    59f9d110deafd2a29dc90aa0793873c9

  • SHA1

    ecf65a2ed22fa2b7daabf68706183789dc57f099

  • SHA256

    473777496948ed3ad71ece26a5e5bd47fdc674ed4c4201d1c1f562ec4233e5d3

  • SHA512

    644671881e1ae2f90b61840526615ff14f3fd1a653ac91dedbbd6c779bd1c244ec61fb36fb422ee76e394ce0b90f943762780d53b535eaf84d617148b9f5b348

  • SSDEEP

    1536:CQwHfvMS0xcGxFyhQkrnb1Mq9WbTs4AWf8VGKwki4JG/PZd1Z5QQ:CnHXMpxcGxFyhQ0bOqY/X8VGKEyG/xhj

Score
8/10

Malware Config

Targets

    • Target

      PHOTO-GOLAYA.exe

    • Size

      181KB

    • MD5

      c1eac9961bf688d75ec96b4d38eedfde

    • SHA1

      af7224a1329c61d9057496428cb95c7cebb3f584

    • SHA256

      de19911598a83d5b504cf7b4c24f5f6f8b68dcc6b72b8f79c3b2d353c93accfd

    • SHA512

      c0f76c82c57da5f52deafd3c7b6ec17dcf9653d4ac7f488645743cd61f43dcf196d6647fa6de2345c8ada61a03aeba2b73d9bdd7162689df0a816311ebc9e01a

    • SSDEEP

      3072:xBAp5XhKpN4eOyVTGfhEClj8jTk+0hUEQT3a3:0bXE9OiTGfhEClq9rEQo

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks