Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

PHOTO-DEVOCHKA.exe

windows7-x64

8

PHOTO-DEVOCHKA.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0570c35505ec1e5442ade7038016be64a406015f10ae7b1796e92705b727aa56

  • Size

    99KB

  • Sample

    221128-eyexwsac8y

  • MD5

    d08505ed331c1d88378bc7a995db671a

  • SHA1

    de283a4086e2c8ead7ed2a607097e0de6e039f64

  • SHA256

    0570c35505ec1e5442ade7038016be64a406015f10ae7b1796e92705b727aa56

  • SHA512

    3b95c37fc740fa93a4e1d68f731eaf284c82c2f605d23dd2e9dfe76dafc073e5700c8a219fced6073d2349319aa8525815e695294a91b75e7573c12f08a3aa6d

  • SSDEEP

    3072:B47excGxFLPkH9SnbZDazFA1XdqXIX4UtjK:B+eGYtPk0Z+zO/qYK

Score
8/10
discovery

Malware Config

Targets

    • Target

      PHOTO-DEVOCHKA.exe

    • Size

      149KB

    • MD5

      8038ebcd984916c69c58ede697dbe7b4

    • SHA1

      94e4561a06e0b423bc5b76c49234a977a869aae8

    • SHA256

      ae6226759da82fa559e63bc55b1e62a103c98fae2d246b81d43eae1826c99064

    • SHA512

      1acbf5b396f5e88c85ad4e86cf25ad2722f681d42c31bdc113f66c70a8fa6015da20af4a0418e75fbdb350c09c80785fd08e2161b5cdb5ae067636e5715355bf

    • SSDEEP

      3072:lBAp5XhKpN4eOyVTGfhEClj8jTk+0hi38puk4NUtjV:AbXE9OiTGfhEClq9qptV

    Score
    8/10
    discovery

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks