General

  • Target

    JaffaCakes118_8a9ad2c1e29b734a004c5c0af39cc9dc

  • Size

    116KB

  • Sample

    250328-mzs5xawrz8

  • MD5

    8a9ad2c1e29b734a004c5c0af39cc9dc

  • SHA1

    8b6acc27f827a42c884fdc1f8c98ea87795045fa

  • SHA256

    4033b010384e049ded38d8296dd0d2154c98e17ec9794cbdd395a180eb1b9833

  • SHA512

    9d737d75af2682ca79afcc83dc9701b2e8a59e0167385564bf3db966e6427edbe59fe8e642c63f202b105ef7939eb95221d4ef83f1ab9174c15fa0dec18bdc13

  • SSDEEP

    3072:osrbFcp/BRgHraYlXb2Jy90wOueKy1SHmi1yhZxU4+ibJ:rrRcp/BRgHrnXb2JElOueKy1Sm2yZxUc

Score
8/10

Targets

    • Target

      PHOTO-DEVOCHKA.exe

    • Size

      210KB

    • MD5

      d1722d67467ef0a202fcde44c6e049bc

    • SHA1

      2649b8d669784c0ac03e3176c71a2da1e447071e

    • SHA256

      407f4570228efe8ac661a2b85344ede4769b3a5483e51bb56d69dd3915dcdb44

    • SHA512

      1f46a37f436f8d1e0ed820bf5bc85f5d7d7d06d79e786687f420d38ae9e9a56b09d1e75bc5e8154840d8524308ac83e7a085e9ac188bf11e5ef92bf0c1caaf1e

    • SSDEEP

      3072:EBAp5XhKpN4eOyVTGfhEClj8jTk+0h8xwNh/7+Cgw5CKHG:TbXE9OiTGfhEClq9hwaJJUG

    Score
    8/10
    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
