Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

GOLAYA-DEVOCHKA.exe

windows7-x64

8

GOLAYA-DEVOCHKA.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    008513b2b1beeca84147014c78a23b7b

  • Size

    125KB

  • Sample

    231225-c5837scber

  • MD5

    008513b2b1beeca84147014c78a23b7b

  • SHA1

    dc67f11741c2b27a43f0218d81d23c664c74ff84

  • SHA256

    f338498d3416bb8a1c5d5dd6ed71d1b42e07efcded074dd4a7f0ac1de057eba0

  • SHA512

    30f8a6af7190637d4b3bd26cdfa65ca5cf263c0be4b5d30d81816fc9c43013992e9dfa7d88f0d744ef28ff6902d4a9b4e2d3fe3e85a2f0e90a26884affcacbae

  • SSDEEP

    3072:2l0img13tG90HdQ3Sqtc8vPfvvaKRUwKu5FYeL0DyjXJXfmg:2ljpD9Q3TtVXva7GuegDYXJ1

Score
8/10
discovery

Malware Config

Targets

    • Target

      GOLAYA-DEVOCHKA.exe

    • Size

      238KB

    • MD5

      e0dc7a4c82c9bffab032065a62bc4989

    • SHA1

      4c8ee314865e3c675e9ee87c028b8787ff293d97

    • SHA256

      df2e738b57c80542a302150d46efaf0d94cac05ff102ccf71975bffab3b2a845

    • SHA512

      3a99a2960697d88d20cf09c97cccb7076c475a718e715c6c384c501e49533da95eaec04aa25b559829393e81b847fc6473e6601969bebfb8a8a889711d9e0faa

    • SSDEEP

      3072:rBAp5XhKpN4eOyVTGfhEClj8jTk+0hqbPBxjCPf+Cgw5CKHq:WbXE9OiTGfhEClq9H5kuJJUq

    Score
    8/10
    discovery

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks