Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

GOLAYA-SEXY.exe

windows7-x64

8

GOLAYA-SEXY.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    94s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/04/2024, 18:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GOLAYA-SEXY.exe

  • Size

    180KB

  • MD5

    b5bfc25ec5d0d2576975e6df14cee8f2

  • SHA1

    ff48876248f0f0ff668aa7d67e2243bd9a3fd465

  • SHA256

    e39b4d47bafb657aa37f821378b6140e21643173551f0c01adf8dbf4a3f0d748

  • SHA512

    aaaafcad061f3ce56aeb0a636fb375dbb8eda5d34e4ce743037ff90ec00b3cd972bbf671881f0a3fb3ab9a03f0782944454f78eed2cf33c72aff2e758e52ce6f

  • SSDEEP

    3072:fBAp5XhKpN4eOyVTGfhEClj8jTk+0hD+V64pfPFxI:ibXE9OiTGfhEClq9VzfPFa

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Drops file in Drivers directory 3 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in Program Files directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\GOLAYA-SEXY.exe
    "C:\Users\Admin\AppData\Local\Temp\GOLAYA-SEXY.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4620
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\na ulissdfsdf\take me devo4ka\ebi_manya_kon\so_my_name_is_brus_dick.bat" "
      2⤵
      • Drops file in Drivers directory
      PID:3952
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\na ulissdfsdf\take me devo4ka\kandyvi\krasota_ta_kakaya.vbs"
      2⤵
      • Drops file in Drivers directory
      PID:2752
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\na ulissdfsdf\take me devo4ka\kandyvi\prich4ki_pouuuuut.vbs"
      2⤵
      • Blocklisted process makes network request
      PID:3896

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\na ulissdfsdf\take me devo4ka\ebi_manya_kon\so_my_name_is_brus_dick.bat
    Filesize

    2KB

    MD5

    7d744cf5e580d72d8f5043d150d493c1

    SHA1

    3a6a8cc463a408e9962b05c939ff17feb5af6a14

    SHA256

    1e121e5015638fd024cc86bea8153a133fd53428b856a5abaf753eb46fdeb624

    SHA512

    f296a55289388ae855f2a32b6e5088a921af3d86d1c8bb57581ce77a52dbedc0e308bb256dcc01760a458cc0fadfb3b77a1bc7235d03be4a2690cd227140dc29

    Download Submit

  • C:\Program Files (x86)\na ulissdfsdf\take me devo4ka\kandyvi\ebi_manya_kon.rud
    Filesize

    33B

    MD5

    7d94f52916ecca6d3c68eb13ab68a2ab

    SHA1

    f40da9aa43d2208ab2ca0c0792572588b5f54c02

    SHA256

    354b2baf1b5a08368077e053984063a0a94736e16d3d77aa259e7d212e50b92a

    SHA512

    c15e0655df3a745949926ff7b783b565a137916a3dfc52f15698643ac8405223259d2ae7641e4d4ab572f926cd0b192a500ef10349cab60b1e92da838497fd0c

    Download Submit

  • C:\Program Files (x86)\na ulissdfsdf\take me devo4ka\kandyvi\krasota_ta_kakaya.vbs
    Filesize

    909B

    MD5

    7b492ffa8638ebfec98dc28d94d40b50

    SHA1

    b1c0142200aaecaa0ec81d915879265be6e429cb

    SHA256

    73ef3bffc757aa3b8b181a92a08f0c525996bac3a51935200690ac77e8e7be57

    SHA512

    be1b3563fc5c8b9c918ee217881bf00fdf4040d311dcca6a856526a5583e2dc538d86c25946dc30f19e02f2708e8bc2c28d645a7934b7f189a30f2556f67c77b

    Download Submit

  • C:\Program Files (x86)\na ulissdfsdf\take me devo4ka\kandyvi\prich4ki_pouuuuut.vbs
    Filesize

    635B

    MD5

    a2d2ec3d8447064be489ff80607614eb

    SHA1

    15aa84b1a47f8f9c1a634bf0491172520008a3c7

    SHA256

    1e27c6d0bf78023e7156a02da0f5d91f6380e3caeca3b14b978c00de52c21969

    SHA512

    5a0d105f02b987706d869234bb8634cef297308463403fafaaa651e4f931bc59ee74ac1cb47b92390a0d1cb03d856372a6d55af3eb830fef4d44708c8a980530

    Download Submit

  • memory/4620-27-0x0000000000400000-0x0000000000432000-memory.dmp

    Filesize

    200KB

    Download