Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

GOLAYA-PHOTO.exe

windows7-x64

8

GOLAYA-PHOTO.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f95a6a08f833eeb37d82f6f6cca3f57c_JaffaCakes118

  • Size

    88KB

  • Sample

    240419-df9h4seg94

  • MD5

    f95a6a08f833eeb37d82f6f6cca3f57c

  • SHA1

    a3621500976e609ca10850f7f0ffe703ed409bb1

  • SHA256

    d2f5e251e9d0d90c2e9d29ca332b881cc71b9e11d5ef67470ed65e05223e01d9

  • SHA512

    2c42be6f17a0f8b7917e961e074064173352a3ef48eeed673d51f1eab8533f1949a9b3b066b05971afb063231ef05812464fa9f00b26fd8be9be40013e50f29a

  • SSDEEP

    1536:ZQwHfvMS0xcGxFyhQkrnb1Mq9WbB7fS+lE+dFNpRD+xIh7N0YNPrEiJmAEpbsp4:ZnHXMpxcGxFyhQ0bOqYxf7v3YKj3JmWy

Score
8/10

Malware Config

Targets

    • Target

      GOLAYA-PHOTO.exe

    • Size

      180KB

    • MD5

      150145e71d2d6d5dea85bad963c49939

    • SHA1

      1f96fc6f6bc2f0d33680ff38c440e95e348edfb4

    • SHA256

      ee36fa40e546682624e4028bb270e5282f49fdf623f36d729b8900cba823e887

    • SHA512

      709d6f9b98269ffb6299484f1fbd9e73d307281af24430ef33d7c09a3425259a854acb74fe1e5a46bd308d0fcd293e8bd00e86b5f0c88054bd7eac0cdb861912

    • SSDEEP

      3072:6BAp5XhKpN4eOyVTGfhEClj8jTk+0hL/eSZZvLf6CNsPrXJ8WYQKaLnS:JbXE9OiTGfhEClq90GSZZvLCCNsPrXJm

    Score
    8/10

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks