Analysis
-
max time kernel
157s -
max time network
169s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
26/12/2023, 11:08
General
-
Target
GOLAYA-PHOTO.exe
-
Size
149KB
-
MD5
1a85fb803be48d4b605ebe3bfc4da62a
-
SHA1
2aa2b1a0313ea2b0f93a42c5c68a3dfc34f3be6f
-
SHA256
5b786fc82a774f220e3fc06b74a2f091d7aa30cdc84ed78851fdf1ea0932cb42
-
SHA512
2691bb8c2dd3b1612e38db8e1bb9ef73576b59af19ae6191f9741bc75f34361205ed684f1ce6151c0f9787f3dea22683444d32f6d47bc721e2a2dd000ccb65ca
-
SSDEEP
3072:lBAp5XhKpN4eOyVTGfhEClj8jTk+0hiWC23gO3EwUGPN:AbXE9OiTGfhEClq9F23gO0wUGl
Malware Config
Signatures
-
Blocklisted process makes network request 1 IoCs
-
Drops file in Drivers directory 3 IoCs
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 9 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\GOLAYA-PHOTO.exe"C:\Users\Admin\AppData\Local\Temp\GOLAYA-PHOTO.exe"1⤵
- Checks computer location settings
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Produc\New\nuashks.bat" "2⤵
- Drops file in Drivers directory
- Checks computer location settings
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Produc\New\nadopilitsa.vbs"3⤵
- Blocklisted process makes network request
-
-
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Produc\New\samisok.vbs"2⤵
- Drops file in Drivers directory
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
269B
MD5f8e76085c4bab58dcb161028c3aae9c9
SHA1764af0a064b08e40beeab421df76d3c7fb389c75
SHA256e7388abfc5e55e53c9a06f74e6000107b15641c3d99fe89d9f990584049b4ad6
SHA5127c557fdee8163233be08a494955b02af789d37fefc5429b966079c83950f4b79ec50c7f521ba0cc72cb762c300ab96ce72c1bc90a3eca6eeed67e1a2614a8b61
-
Filesize
48B
MD57215ed14e21d41517551593a906dfa9e
SHA1572ec6424f46b19e5b1a0ebcb58df8efadaa37aa
SHA256248f4f03a3bac68d3f2231e72dcdb82d16ba4a49631306e231200c36a4d7d6b6
SHA512c81fcc628b6178017cacdbf7c57b5bd3304ea1e6a43b4c8164082f6d701f7f03c16d3026b011819ee76cb4609ca8c00e70566382cd839fba9fe714e1d0a1f7e5
-
Filesize
3KB
MD53e4c3d96bb56bf7fd6de66b193f86d04
SHA1cf58adf14aa9cf5c4ebe270edd10910d88180bde
SHA256e0eb677d3ad428b7760958924f2701654b40b6de1059aed2a94174ca5ec50214
SHA5126037db447934cd702d7bfbbf0d918fccf54c341dae8a9148dc5f2cbf4226184d9b6eec47196a0ec98bb70dd78dcc1bcdc0c12c542c5e7459460d1c4cd99b563d
-
Filesize
27B
MD5213c0742081a9007c9093a01760f9f8c
SHA1df53bb518c732df777b5ce19fc7c02dcb2f9d81b
SHA2569681429a2b00c27fe6cb0453f255024813944a7cd460d18797e3c35e81c53d69
SHA51255182c2e353a0027f585535a537b9c309c3bf57f47da54a16e0c415ed6633b725bf40e40a664b1071575feeb7e589d775983516728ec3e51e87a0a29010c4eb9
-
Filesize
790B
MD5a72404d8d2ce31b6373ae35bb11e9de2
SHA172bbc15ccb7823161482cc2997bd02ec212b9f4f
SHA2563c9a8a034780f0a757c06db040a8342a3f9331f150ebab6144beee795fa01ae2
SHA51229d871a39dc174f364ee4b04d34be54f4369178c2266ff62090866a428bc69c6b7f54ac10d2a48ef73d2d3b531966f6597be55ee3e9b25eb4746b4a0f884f900
-
Filesize
1KB
MD5d9a93296f8c62ab96271667c72d7a3b3
SHA1abcf5a6ed773cfc978fc2176138778ad406c188a
SHA256f6c84e7c7fced4ae3ee3ca143fd5e134a183eb1e2f67ab71a6e9a902596be993
SHA512f91de9fbc57397c895aa1bda0ed18601711b1da377ceeee9d5a5ff48a4a3ba2e4feaacf3c64475c07daf584d6374e79d8206a49d1e25bc3044b2e4b6c7d4bd02
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB
-
Filesize
136KB