Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

PHOTO-GOLAYA.exe

windows7-x64

8

PHOTO-GOLAYA.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b43baef39458b218c6d27d42c2cbe2ace7c292645f80d62df37574c3a310a435

  • Size

    100KB

  • Sample

    221020-trnc1schfn

  • MD5

    9022e095d5bcd36391c3b2e6ef1f4690

  • SHA1

    f4ae40facddd1627e834a218839d2386734bd60e

  • SHA256

    b43baef39458b218c6d27d42c2cbe2ace7c292645f80d62df37574c3a310a435

  • SHA512

    d347742d2897a35808563f5efbb63183365baae7332fe77788edded6a0fdb0846fc13ec07a0515e2e17302b158a1f6080fbf98652e20c2bfb5a47592664738a7

  • SSDEEP

    3072:c47excGxFLPkH9SnbZDa90c4Dr0Mbn7sJ9jpy:c+eGYtPk0Z+9liIMb7w0

Score
8/10
discovery

Malware Config

Targets

    • Target

      PHOTO-GOLAYA.exe

    • Size

      151KB

    • MD5

      809930b13ab2931e2f202d4ea80b00a4

    • SHA1

      2335da6fb96c9a4e6c43588f5a5d1015919c3d2c

    • SHA256

      06244859c7a207d794500b547d2d0783dc578f932c730c98a7c7102ed7704dd5

    • SHA512

      32ee15b2c48b84b443713227451a1c7e46d1f617aa8d5bb4288c8fbc1782f3ec42fc8bb73759252d27f1af74b2d2e6f59b19e0c1c0f86b7b255f56147dd81db0

    • SSDEEP

      3072:lBAp5XhKpN4eOyVTGfhEClj8jTk+0hiToRmIdzZl57chknn7sJ9jpj:AbXE9OiTGfhEClq9achkn7wR

    Score
    8/10
    discovery

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks