General

  • Target

    4dd568ed62a203e48383bf16bd95099c

  • Size

    96KB

  • Sample

    231226-da4qnsbbbk

  • MD5

    4dd568ed62a203e48383bf16bd95099c

  • SHA1

    f3e0741ae9b99ddd7463780244db29a390532189

  • SHA256

    6469cdc62fdb11834beb6461d2678729569ae4834984f66d22b71d110bf464de

  • SHA512

    86b024b095dfa0258d7036c0c73867fba42ce069850ec7f53efc1772c79478c8be7548bf3f228633e3d4df046d65460d82198fb51c6dd232097c88fd22d86da4

  • SSDEEP

    1536:IQWQFGFI/PvgCRN59/i3RC9AYv3AOwAgMkAlwDa7EIJ+cKSDR53:Xrz/BRgBWXyxIlMa7EIJNJH3

Score
8/10

Targets

    • Target

      PHOTO-DEVOCHKA.exe

    • Size

      180KB

    • MD5

      02c11f1ec6c372847460c9afd76390dd

    • SHA1

      032ee4e4369c55489abc2971a8b2c295e368b780

    • SHA256

      4c9f213973c5144faafaad68cb94b809519752309208b998bb49621f02d8eabf

    • SHA512

      1910f7447c783469c0853629500de9335717cb19e083a1502bee7031c26a3738535bfd5d74b7dafa1034a6b8079fe0482aba165f40598b410c5a8a8304a0d2fa

    • SSDEEP

      3072:VBAp5XhKpN4eOyVTGfhEClj8jTk+0hvA8DN5TcKM4xoawC3Tw:wbXE9OiTGfhEClq92A8DP1Mvabk

    Score
    8/10
    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.
