719d1250f234275a1721437c74fbce5f04171eaf1383ababb7b5634c4f18569e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

GOLAYA-BABE.exe

windows7-x64

8

GOLAYA-BABE.exe

windows10-2004-x64

8

Sharing

General

Target

719d1250f234275a1721437c74fbce5f04171eaf1383ababb7b5634c4f18569e
Size

100KB
Sample

221002-2qdfesdhh9
MD5

774c0b881651026324f5b994cb09e490
SHA1

7c1746ca20681b7905cc5997492006f4be42ed1e
SHA256

719d1250f234275a1721437c74fbce5f04171eaf1383ababb7b5634c4f18569e
SHA512

21c86c60468a3e3465919a091eb665cfc676e48d0bdd09d7bba167546552e656a37b6eaf5a176e00b63dbb68c7949ec852b844635d1be2d5887a17dc6b811a5e
SSDEEP

3072:847excGxFLPkH9SnbZDaZRKc3vAHZlUz8YwjajE70zw:8+eGYtPk0Z+Zd3vjvgTGw

Score

8^/10

discovery

Static task

static1

Behavioral task

behavioral1

Sample

GOLAYA-BABE.exe

Resource

win7-20220812-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

GOLAYA-BABE.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  GOLAYA-BABE.exe
- Size
  
  151KB
- MD5
  
  732332e3aac9fae720a0f66d77ad2e7d
- SHA1
  
  9c6880999778d124a28d9866a617b7077837de39
- SHA256
  
  284436b0d48891c7b96d813bb56af83856f8ba881170cc6b0bc9f538af04e492
- SHA512
  
  03322a54ed3d494e68e88e41cbffcd18a06e163452a44da0c70423b7b8db423d00695f5e6b1cd968be7a6517f533a11df54a2c9faf1a26fc67833fbb3798a053
- SSDEEP
  
  3072:lBAp5XhKpN4eOyVTGfhEClj8jTk+0hiloRmDdzZl5ZX9iPd8YwjajE70zq:AbXE9OiTGfhEClq9JkdvgTGq
Score

8^/10

discovery
- Blocklisted process makes network request
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy