Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

GOLAYA-DEVOCHKA.exe

windows7-x64

8

GOLAYA-DEVOCHKA.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    0s
  • max time network
    111s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 02:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GOLAYA-DEVOCHKA.exe

  • Size

    238KB

  • MD5

    e0dc7a4c82c9bffab032065a62bc4989

  • SHA1

    4c8ee314865e3c675e9ee87c028b8787ff293d97

  • SHA256

    df2e738b57c80542a302150d46efaf0d94cac05ff102ccf71975bffab3b2a845

  • SHA512

    3a99a2960697d88d20cf09c97cccb7076c475a718e715c6c384c501e49533da95eaec04aa25b559829393e81b847fc6473e6601969bebfb8a8a889711d9e0faa

  • SSDEEP

    3072:rBAp5XhKpN4eOyVTGfhEClj8jTk+0hqbPBxjCPf+Cgw5CKHq:WbXE9OiTGfhEClq9H5kuJJUq

Score
8/10
discovery

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\GOLAYA-DEVOCHKA.exe
    "C:\Users\Admin\AppData\Local\Temp\GOLAYA-DEVOCHKA.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:968
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ustanovi menya plllll\life is life\when_we_a_fill_the_power.bat" "
      2⤵
        PID:3860
      • C:\Windows\SysWOW64\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\ustanovi menya plllll\life is life\Tocausetofallby.vbs"
        2⤵
          PID:2204
      • C:\Windows\system32\backgroundTaskHost.exe
        "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
        1⤵
        • Drops file in Drivers directory
        • Drops file in Program Files directory
        PID:3860

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\ustanovi menya plllll\life is life\Tocausetofallby.vbs
        Filesize

        1KB

        MD5

        d5c076efab21915890b60103ba4dea62

        SHA1

        6104aec036a1d35a73bc96a15cd710b7b94cc017

        SHA256

        06cd19654663204db930b866e06df3c7745beac1480e8f171944c5ca6570a6eb

        SHA512

        51540e75df6682b1b664933b2f71adc211a42ef0bf821999bd1c23f7eaf9c88dfc56965046ecac1f9d00aecc854ed2a9c9a78be0e8a5167733eebd152911e2f9

        Download Submit

      • C:\Program Files (x86)\ustanovi menya plllll\life is life\everybody_lie_life_is_life.gol
        Filesize

        112B

        MD5

        a97805a7dcdf57804ebce37d2599a681

        SHA1

        99cfacb04b6bbe087d6c46e3d920ba9ab0a4f056

        SHA256

        0c6fa09a4144b4313cd2a859b98b622f836c1ea311d84aca4dcd25f706d35039

        SHA512

        dca01920001d10435669e51f2ba65159e9997bc0e4a3f12e0b52b66061e402194d01ac8cfd74c53499cdf59aa9f6adf3fa0e5e73b6ef1d4c0e8a5bc9955ab1c9

        Download Submit

      • C:\Program Files (x86)\ustanovi menya plllll\life is life\when_we_a_fill_the_power.bat
        Filesize

        1KB

        MD5

        e819314328e0c47a39b66f0bf114cd98

        SHA1

        6dac75be2070f88880815da7c2a9c42fdc574d2b

        SHA256

        485fd37cae37024811d76da56012ae72625d74681e714493176aca7970a4611c

        SHA512

        14819cf355ac637fea3bc39a342c781376e18963e038fb72c3f4aa4e6444fc64e85d4529c6e9f90b4581154df22c7554887c63e5dceeb66ca950f779d0eb5790

        Download Submit

      • C:\Windows\System32\drivers\etc\hosts
        Filesize

        1KB

        MD5

        4fccb4d0b47dfce4da0002ee30fc74e6

        SHA1

        e5e9311650e7631800cd404d2aa7df00e4b169d3

        SHA256

        2554b9fc2dd8cdb75ac6e3650a9b5fe0b90d40a7bb04625b021aaf6d0e1a1499

        SHA512

        951e1f0a5636052f32b7990201cc1d855d8bef07fd247fe95f87dfc20c314c3945fecb549e402445543fadd60c5c46db4d028391a690c84bd6a8308d335adacd

        Download Submit

      • memory/968-39-0x0000000000400000-0x0000000000432000-memory.dmp

        Filesize

        200KB

        Download

      • memory/968-41-0x0000000000400000-0x0000000000432000-memory.dmp

        Filesize

        200KB

        Download