Overview

overview

8

Static

static

3

PHOTO-GOLAYA.exe

windows7-x64

8

PHOTO-GOLAYA.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 03:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PHOTO-GOLAYA.exe

  • Size

    180KB

  • MD5

    05dcabe4947ada380eb48cf90eb0aa6f

  • SHA1

    d11c9319a518ddc14dc62cc138d074b1d908c924

  • SHA256

    53b296ba46752bf57d298dfe5ba8b011574253199e57ffd8c8786bb16f642f49

  • SHA512

    a336ca962fe97f329fa6968e2532096a0051e5f124c20c7ba74d6688e5b15b2f34980b56f2b6f1e5ff3a53a05936510f22841279497ca50061e5c3fc55ea1614

  • SSDEEP

    3072:nBAp5XhKpN4eOyVTGfhEClj8jTk+0hJiH8ga2EPb9ePlO7/IQ1bvatjKv5sK2DdH:qbXE9OiTGfhEClq9j8ga2+b9ePlO7/IR

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Drops file in Drivers directory 3 IoCs
  • Drops file in Program Files directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PHOTO-GOLAYA.exe
    "C:\Users\Admin\AppData\Local\Temp\PHOTO-GOLAYA.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2216
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Program Files (x86)\hulioeglesias\give me malchik\ebi_manya_kon\so_my_name_is_brus_dick.bat" "
      2⤵
      • Drops file in Drivers directory
      PID:2540
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\hulioeglesias\give me malchik\kandyvi\krasota_ta_kakaya.vbs"
      2⤵
      • Drops file in Drivers directory
      PID:2636
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\hulioeglesias\give me malchik\kandyvi\prich4ki_pouuuuut.vbs"
      2⤵
      • Blocklisted process makes network request
      PID:2700

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\hulioeglesias\give me malchik\ebi_manya_kon\so_my_name_is_brus_dick.bat
    Filesize

    2KB

    MD5

    d515dbabc1d4148509640420b7a56dc7

    SHA1

    5e3c3c4ae1882bd0aef3d9a3cbd527f2fdad6cc1

    SHA256

    db87b544d4eb7fb04ab140aaa18afa2b985f1636b19605715d22db93a2369063

    SHA512

    0d5140346185c9ebcc2447b33e4c279449ed8c5ca7b9ec961135848a4317ee79093a3f514f77d9c18bb337ca367375f15ac7b00493d0ffe2ac99836a4a9f808c

    Download Submit

  • C:\Program Files (x86)\hulioeglesias\give me malchik\kandyvi\ebi_manya_kon.rud
    Filesize

    33B

    MD5

    7d94f52916ecca6d3c68eb13ab68a2ab

    SHA1

    f40da9aa43d2208ab2ca0c0792572588b5f54c02

    SHA256

    354b2baf1b5a08368077e053984063a0a94736e16d3d77aa259e7d212e50b92a

    SHA512

    c15e0655df3a745949926ff7b783b565a137916a3dfc52f15698643ac8405223259d2ae7641e4d4ab572f926cd0b192a500ef10349cab60b1e92da838497fd0c

    Download Submit

  • C:\Program Files (x86)\hulioeglesias\give me malchik\kandyvi\krasota_ta_kakaya.vbs
    Filesize

    899B

    MD5

    c99bcd3152c111c27332bfc299c30379

    SHA1

    114b6dff436d74f361d8ca0b5bd4978adc3e9346

    SHA256

    8c7cc60f62079e6e6970ad0930850c114b22ebf4214310d4401159782c0ce111

    SHA512

    0f7b76e06cb6a4b7bf4a137a8ff24d51d32d266df43c1be54cf6185c00bb9fb621b587f58281684dd583e1ca58d0343e8d507a96e186f6a635dc8ff964e312b8

    Download Submit

  • C:\Program Files (x86)\hulioeglesias\give me malchik\kandyvi\prich4ki_pouuuuut.vbs
    Filesize

    700B

    MD5

    a7d73318a92af8e3cfc771049d3edfac

    SHA1

    d9c5ab0e91ea4c71d8d9591f2851ca9282e3523e

    SHA256

    20b0d215ab3b82e181190a170660f0e9f816b149169001e6ca2daa08101ff7be

    SHA512

    c313aceb921c76d6c3bf0b35bfadff5a2479781a588300340ead4258c0ba4d6adb29a566873e981f8fed44a53b7ec88611c1d4366cb873743b472ba8a4f449df

    Download Submit

  • C:\Windows\System32\drivers\etc\hosts
    Filesize

    1KB

    MD5

    25ee27baa31c59fdf6cf5d18955ef985

    SHA1

    51d4725afa6d997cb7347c60a7d17485a8fb2ea7

    SHA256

    75daf3b3c78bc2038351bee72d6036edf869f7106da7366722b1cd03f26f195d

    SHA512

    8a4e1f971b8158db5df7b24b8f0d317d2397209c21ab07c6e6014bc767bbc95e32093fb59e2e67369687c9ed024ff6d354652d02424a8050500a410369abe12e

    Download Submit

  • memory/2216-43-0x0000000000400000-0x0000000000432000-memory.dmp

    Filesize

    200KB

    Download