Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

PHOTO-DEVOCHKA.exe

windows7-x64

8

PHOTO-DEVOCHKA.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0500be823fff41756ebbc603595431a8_JaffaCakes118

  • Size

    86KB

  • Sample

    241001-j7j1eszbjr

  • MD5

    0500be823fff41756ebbc603595431a8

  • SHA1

    a902d48a8d3a0928157f06c3381ecde763b7dd53

  • SHA256

    a4714851175ba06a02838d7926fe543e07a821f28819c62926cf6df40927130d

  • SHA512

    c849dc312624831f90c6ff7b3a79a033a81491af58efc283ba7099b13b7d187c3aeb43c747fb53901257615a46f9226a9541873f9e329b5b2f8f7506fb36cdff

  • SSDEEP

    1536:IQWQFGFI/PvgCRN59/iKLLbkkLoeP3FTSyDaqCj8+TSBLGi6ZS1a:Xrz/BRgybkkLoYcyGqrKJSI

Score
8/10
discovery

Malware Config

Targets

    • Target

      PHOTO-DEVOCHKA.exe

    • Size

      180KB

    • MD5

      382a92ffb40d6f916369283221203e31

    • SHA1

      d6917ccf8618913dd50af79c4faf0de9722b7fb1

    • SHA256

      db42602675e782803c0105228bceb8d2b99204c280eaf43956484234e0319798

    • SHA512

      16983e0bae282d77b6e14c1583662776f02d6c232543cfe8c22be0f14dc83f968657e8dc5f0cc7dcc8711892384c046674c60d6daa01b82e17da2d8a55544192

    • SSDEEP

      3072:rBAp5XhKpN4eOyVTGfhEClj8jTk+0h9n+sTMOHQ8nHy:WbXE9OiTGfhEClq9oMOHq

    Score
    8/10
    discovery

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks