Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

PHOTO-GOLAYA.exe

windows7-x64

8

PHOTO-GOLAYA.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    561132fc8f277292517d2fd80a8e5df0

  • Size

    99KB

  • Sample

    240112-k98l8sdbgn

  • MD5

    561132fc8f277292517d2fd80a8e5df0

  • SHA1

    d432b9d3bffbb78a78561df40d5e896545f4ebf8

  • SHA256

    56d31f6ee3447e31231f740adfc9e91095bd85a561e96c3944b7485ebe9127bf

  • SHA512

    8fb1211981429f5d4b3fe7c1cbc24abd65f05888b3254ce5f435979f7480334519dab94890e253701cba972872a1239fab9ee86455195e3b43d67b0c8192f121

  • SSDEEP

    3072:147excGxFLPkH9SnbZDaJlncrq6NqMi6nHL0:1+eGYtPk0Z+/ceOqSnQ

Score
8/10
discovery

Malware Config

Targets

    • Target

      PHOTO-GOLAYA.exe

    • Size

      149KB

    • MD5

      86963b99db7a9d6660798be28b910d61

    • SHA1

      99c2e0024d8bf88f592b445d7f33fa82d19a27e1

    • SHA256

      4d290ca6bfc7bf253d6c7e40aa8e72f664bc461953e07a0e6461e2f460d0f8ec

    • SHA512

      ea5d866e2a0372dd5376a0e45cafe2906b1206c59b86339c9588a1c98b734ec2fcd331e9614b99857fce5f7626614dfac422ed3ba49a57082e52361b2fc33555

    • SSDEEP

      3072:lBAp5XhKpN4eOyVTGfhEClj8jTk+0hir1X1sVys8qMi6nHL2:AbXE9OiTGfhEClq9dd1I8qSn6

    Score
    8/10
    discovery

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks