Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

GOLAYA-DEVOCHKA.exe

windows7-x64

8

GOLAYA-DEVOCHKA.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8a232c808a1f28ffdf6edc917f6c3c39

  • Size

    117KB

  • Sample

    240202-v93fbsdger

  • MD5

    8a232c808a1f28ffdf6edc917f6c3c39

  • SHA1

    a494e2fd47a825677824d0d4ac8850ff04b166f4

  • SHA256

    c69f2c76e055788d4896956c8ed91e4d8d6f410f5c38e8bdd154bb727452f60a

  • SHA512

    290db64831770e9e607dd3a9eda71dc0e46e9ac941e1d5e360a88cc687786e663bb18c402e28e177a81cebe95f7e5866446926acd9932f483001a87a6617a83c

  • SSDEEP

    3072:Kl0img13tG90HdQ3SqtER11DhcriIg/8Jb1/lNQEzWWXcZAdePuw:KljpD9Q3TtA1tcg8JnNLFXIAI2w

Score
8/10
discovery

Malware Config

Targets

    • Target

      GOLAYA-DEVOCHKA.exe

    • Size

      239KB

    • MD5

      5ddfe645d3cbe2590b34e5afa2deb822

    • SHA1

      df310df675c59e8958aef6ce041e78118696ad5e

    • SHA256

      b13c0037e3ac532d246bd13e0e096509fd2fe9fa688de1bea39596368fa3341a

    • SHA512

      ccd3706dcd7dba5543187ef6375d34eee6a07807046386f7ab0540583a9f583f583bcd7157f2c756dbb0c08f399c65aca20652ee698378d2e255cd41ce7e4ed4

    • SSDEEP

      3072:cBAp5XhKpN4eOyVTGfhEClj8jTk+0h1Rqsrf6XFfuoyTNwTJSFya+Cgw5CKHG:LbXE9OiTGfhEClq9+6btJJUG

    Score
    8/10
    discovery

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks