Analysis

  • max time kernel: 0s
  • max time network: 145s
  • platform: windows10-2004_x64
  • resource: win10v2004-20231215-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 03/01/2024, 19:16

General

  • Target: GOLAYA-BABE.exe
  • Size: 239KB
  • MD5: 6839c4c1e533bdef312fa9501b7cd622
  • SHA1: 0a4a288e686a64c0d926e5d5c7ddd46ec7eeeaa1
  • SHA256: 5b40e9c2a5bbd190d09eade750b1ce1a48887f6822a3e8a4cf3f927c38088982
  • SHA512: d0cafe97a7ab0444424d88d6fddbe2bb0bc9d33abaaeec21101388982d40728d5114d30d1d9b3f7b5d0ea77cbfc6f8067256d4cd7613d14de74ccd196a1dd954
  • SSDEEP: 3072:MBAp5XhKpN4eOyVTGfhEClj8jTk+0hYoO/MgjqEWBz+Cgw5CKHy:7bXE9OiTGfhEClq95/MgXJJUy

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up country code configured in the registry, likely geofence.

  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory (13 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\GOLAYA-BABE.exe
    "C:\Users\Admin\AppData\Local\Temp\GOLAYA-BABE.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    PID:3380
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\lop1\piccoloucioamepiacanutella\olologggg.vbs"
      2⤵
      PID:1504
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\lop1\piccoloucioamepiacanutella\pizdaxui11.vbs"
      2⤵
      PID:1124
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\lop1\piccoloucioamepiacanutella\Dogma.bat" "
      2⤵
      PID:4720

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\lop1\piccoloucioamepiacanutella\Dogma.bat
    Filesize: 1KB
    MD5: c116ccc255832c552d663600eb1d142a
    SHA1: bfe7637478bbcbee0253df07cd2d20d3e7e5c04c
    SHA256: 10be330e7e4da276d80edb4123f37610b8284b77b6b5f809fc128558d44a2560
    SHA512: 00eee11e8efa70bd728c182394d15063c5f192f4e673cd64930a77735c28cd8944062ffe06eaeec4b9e8e5bb259d1d61eaf6074018d2bffa99d9c9641f9a7688

  • memory/3380-46-0x0000000000400000-0x0000000000432000-memory.dmp
    Filesize: 200KB

  • memory/3380-48-0x0000000000400000-0x0000000000432000-memory.dmp
    Filesize: 200KB