Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
f95a6a08f833eeb37d82f6f6cca3f57c_JaffaCakes118
-
Size
88KB
-
Sample
240419-df9h4seg94
-
MD5
f95a6a08f833eeb37d82f6f6cca3f57c
-
SHA1
a3621500976e609ca10850f7f0ffe703ed409bb1
-
SHA256
d2f5e251e9d0d90c2e9d29ca332b881cc71b9e11d5ef67470ed65e05223e01d9
-
SHA512
2c42be6f17a0f8b7917e961e074064173352a3ef48eeed673d51f1eab8533f1949a9b3b066b05971afb063231ef05812464fa9f00b26fd8be9be40013e50f29a
-
SSDEEP
1536:ZQwHfvMS0xcGxFyhQkrnb1Mq9WbB7fS+lE+dFNpRD+xIh7N0YNPrEiJmAEpbsp4:ZnHXMpxcGxFyhQ0bOqYxf7v3YKj3JmWy
Static task
static1
Behavioral task
behavioral1
Sample
GOLAYA-PHOTO.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
GOLAYA-PHOTO.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
GOLAYA-PHOTO.exe
-
Size
180KB
-
MD5
150145e71d2d6d5dea85bad963c49939
-
SHA1
1f96fc6f6bc2f0d33680ff38c440e95e348edfb4
-
SHA256
ee36fa40e546682624e4028bb270e5282f49fdf623f36d729b8900cba823e887
-
SHA512
709d6f9b98269ffb6299484f1fbd9e73d307281af24430ef33d7c09a3425259a854acb74fe1e5a46bd308d0fcd293e8bd00e86b5f0c88054bd7eac0cdb861912
-
SSDEEP
3072:6BAp5XhKpN4eOyVTGfhEClj8jTk+0hL/eSZZvLf6CNsPrXJ8WYQKaLnS:JbXE9OiTGfhEClq90GSZZvLCCNsPrXJm
Score8/10-
Blocklisted process makes network request
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-