General
Target: e0103e054d24fb397a17c2a0d172a4a3
Size: 91KB
Sample: 240326-zk575seh31
MD5: e0103e054d24fb397a17c2a0d172a4a3
SHA1: b01522672b05e2553e0b3212a0d8f9596e2c760c
SHA256: 04082b328e22f00b2d15aaac46a69dc211d49816e1641be0c3a803c1d0443b35
SHA512: 0e6defa7177ebf784eb921f4813f8fc864a7a9c9f8d5fc877ec8b8754b24d10c143a4dd6e291492233e021998a6f42d6fd5f4e95f7c7ea3f7f14711ae5f930c8
SSDEEP: 1536:SQwHfvMS0xcGxFyhQkrnb1Mq9WbJOnMA+txGFCr6cXp4xkPdh2B3Se7yN5c:SnHXMpxcGxFyhQ0bOqYuc6c7P6d
Static task: static1
Behavioral task: behavioral1
  Sample: PHOTO-DEVOCHKA.exe
  Resource: win7-20240319-en
Behavioral task: behavioral2
  Sample: PHOTO-DEVOCHKA.exe
  Resource: win10v2004-20240226-en
Malware Config
Targets
Target: PHOTO-DEVOCHKA.exe
Size: 180KB
MD5: 63f222fa3dec54c99fa71bfbef798cab
SHA1: a6aa7dca45be30f5f1f0a2c0cf24c15637fe33f4
SHA256: 47bfc569cb27c9596d81d144a9af37d5f378dcdaf73d6c416b86362739354b8f
SHA512: 75c8086cd6dce1433e426f8f65d893130847b0ded224a4c6f26ebc6ee1ef9a33299da4f8902067697717b3cd8e4a855018929fb8d562c9581e79d023ae46e2df
SSDEEP: 3072:eBAp5XhKpN4eOyVTGfhEClj8jTk+0h+tzYOuIPA:1bXE9OiTGfhEClq9dYpII
Score: 8/10
Blocklisted process makes network request
Drops file in Drivers directory
Checks computer location settings: Looks up country code configured in the registry, likely geofence.