Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

PHOTO-GOLAYA.exe

windows7-x64

8

PHOTO-GOLAYA.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7fcdf60396a68c70d2154bcca0c94495

  • Size

    128KB

  • Sample

    240129-pcslzaheb5

  • MD5

    7fcdf60396a68c70d2154bcca0c94495

  • SHA1

    111ab4b685171b47e8fe978a60306d7f54a94fee

  • SHA256

    248c4005ba8acd430ae450664273576d82ea3dd40daa557a0331180eb7b37a72

  • SHA512

    e7be16943a95e661e268356f49caffd43ec7881acdb25da51ff86698040e4d976f7b35040ff90d6ec9bd3cd1a87a3ae1e3473ba9fe6d0d6963a943fbe3a2740e

  • SSDEEP

    3072:GnHXMpxcGxFyhQ0bOqYoxIcEWubyugb3qMtbMGiccxrnwpt:iHmGY/o0o+hBbW3qu/cLmt

Score
8/10
discovery

Malware Config

Targets

    • Target

      PHOTO-GOLAYA.exe

    • Size

      238KB

    • MD5

      2e3a85fe7f547ed4ca30b9fc131d369e

    • SHA1

      d3daf378467bc794ec3e93f9789f128bd8041ab6

    • SHA256

      692244bdd8b7d3161f0a39836d6595926ac2f7917cee12a2d2646737842a9a7f

    • SHA512

      cb0fdd92fe53136137d7a77225894d8d6948c5684cceabdf194af16742a70c10042374fe75d24673e8281b4fdd0e782d3986009879f50a7c9354b40ad1001cc6

    • SSDEEP

      3072:QBAp5XhKpN4eOyVTGfhEClj8jTk+0hijkEDboYxU044U/14+Cgw5CKHm:HbXE9OiTGfhEClq9YEXoyDjUPJJUm

    Score
    8/10
    discovery

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks