Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

PHOTO-DEVOCHKA.exe

windows7-x64

8

PHOTO-DEVOCHKA.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    74343457e9c09a435949b1e6448324fa

  • Size

    100KB

  • Sample

    240125-kbjv8abhe7

  • MD5

    74343457e9c09a435949b1e6448324fa

  • SHA1

    561819c67f7edf55daa9fab8666f57b6ab0fff23

  • SHA256

    3b5a4731f3e52c7217a4e68feaf58cae6c3f0a3e35ea18b924efe9eeae1dec6d

  • SHA512

    cbcf75b59229e83bdff57b672e5c8a787ad35bf82b63ed9c33a9dd3edfca2c4900c4dca2f18861beb88812d2db8d519d6d9153e930acb1e3ec25cef3440cc636

  • SSDEEP

    3072:z47excGxFLPkH9SnbZDaajUVJcRw443hjzG3WA8ujM1jN:z+eGYtPk0Z+TJcRw443h/m6sM1x

Score
8/10
discovery

Malware Config

Targets

    • Target

      PHOTO-DEVOCHKA.exe

    • Size

      150KB

    • MD5

      13064a1549e859958c07462c9b2f0a58

    • SHA1

      da6a8be2da028023ad9a350845eae67a64b5bf7e

    • SHA256

      dd8a4e021d917b7085788dcdf7d881c679a17416493fcf45ebbfedbed0df32ea

    • SHA512

      f28a80bb53fbcb0aed10248a69e7dfbb93671d689d3df6f73eb57b6220348c25cfdb3c0cf2f791aedd44267dba4401d5c0392a2da3f460f25b3509260d2fe533

    • SSDEEP

      3072:lBAp5XhKpN4eOyVTGfhEClj8jTk+0hirrmrtA8ujM1jo:AbXE9OiTGfhEClq9dmLsM1E

    Score
    8/10
    discovery

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks