Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
-
submitted
20/08/2023, 10:19
General
-
Target
4f7ad766ec4ddcce3921e20260cd4737_goldeneye_JC.exe
-
Size
168KB
-
MD5
4f7ad766ec4ddcce3921e20260cd4737
-
SHA1
2648a895ca071ba55181ca3e95008b3f041acbfc
-
SHA256
8bc6e030911ca337b47212cc52e152bf17c434ee1f8af967986735d045114fa1
-
SHA512
7816dcd70b62ca55d97d4a024ba7fd77fad1cda3010f71107646795c9dc3b941a19ae0fb5eba016ae249670de180738e4d906c2857a3bbb3df79042691c66225
-
SSDEEP
1536:1EGh0oBlq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0oBlqOPOe2MUVg3Ve+rX
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4f7ad766ec4ddcce3921e20260cd4737_goldeneye_JC.exe"C:\Users\Admin\AppData\Local\Temp\4f7ad766ec4ddcce3921e20260cd4737_goldeneye_JC.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{80E507F1-3C11-4fed-BCB3-49950C16A12D}.exeC:\Windows\{80E507F1-3C11-4fed-BCB3-49950C16A12D}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{174A4B4F-53E1-44ce-9F0B-F109A6A339A5}.exeC:\Windows\{174A4B4F-53E1-44ce-9F0B-F109A6A339A5}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D299FAAF-38B6-4080-845A-D8355ED31D8F}.exeC:\Windows\{D299FAAF-38B6-4080-845A-D8355ED31D8F}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D299F~1.EXE > nul5⤵
-
-
C:\Windows\{2248ADAE-3356-49bf-A730-25784854BE16}.exeC:\Windows\{2248ADAE-3356-49bf-A730-25784854BE16}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2248A~1.EXE > nul6⤵
-
-
C:\Windows\{4EA0CE85-C90D-41a6-A644-66F6E4F21894}.exeC:\Windows\{4EA0CE85-C90D-41a6-A644-66F6E4F21894}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4EA0C~1.EXE > nul7⤵
-
-
C:\Windows\{FF7C4AC2-2995-43b4-A6CA-9D0FBCC8F71A}.exeC:\Windows\{FF7C4AC2-2995-43b4-A6CA-9D0FBCC8F71A}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{89A924A6-6054-48ab-977A-8C5ABDE8355A}.exeC:\Windows\{89A924A6-6054-48ab-977A-8C5ABDE8355A}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C33374BB-2FD4-4180-BFE7-E8C498730D72}.exeC:\Windows\{C33374BB-2FD4-4180-BFE7-E8C498730D72}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C3337~1.EXE > nul10⤵
-
-
C:\Windows\{2ABF0A23-5B72-4d75-A604-9E028F14E0EC}.exeC:\Windows\{2ABF0A23-5B72-4d75-A604-9E028F14E0EC}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2ABF0~1.EXE > nul11⤵
-
-
C:\Windows\{24D97D23-B700-478a-81D6-0A75185D9C01}.exeC:\Windows\{24D97D23-B700-478a-81D6-0A75185D9C01}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{24D97~1.EXE > nul12⤵
-
-
C:\Windows\{C1633214-EE4A-4ce9-A1CE-16A70FC71871}.exeC:\Windows\{C1633214-EE4A-4ce9-A1CE-16A70FC71871}.exe12⤵
- Executes dropped EXE
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{89A92~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FF7C4~1.EXE > nul8⤵
-
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{174A4~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{80E50~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\4F7AD7~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
MD596f3817fe6bc187e0b9fb3f1c1bd751b
SHA111c74cf960d0b6ce84ed98f18d312e4421e2e407
SHA256bedf1482d4fe680ec6426952cb98d4ea52a38acc646962636d6df03c8ee0b21f
SHA51258ef24c8a6ba9654cfc10482a1c11685852f5b88a0fda90b8854d0a4b3bb7f69724bebf62774def5d03ab05c4bc67390ae2efbaa0ab01e70a6b7030a2065b3b0
-
Filesize
168KB
MD596f3817fe6bc187e0b9fb3f1c1bd751b
SHA111c74cf960d0b6ce84ed98f18d312e4421e2e407
SHA256bedf1482d4fe680ec6426952cb98d4ea52a38acc646962636d6df03c8ee0b21f
SHA51258ef24c8a6ba9654cfc10482a1c11685852f5b88a0fda90b8854d0a4b3bb7f69724bebf62774def5d03ab05c4bc67390ae2efbaa0ab01e70a6b7030a2065b3b0
-
Filesize
168KB
MD58e5c55385298401ca98239c106508e3b
SHA19b12d8359f543d29769fa495b6fdf87c1c7bceba
SHA2564498d17181db50920876f666dd08ee1cff3750aeabe7b8878db663eb94d2c5ab
SHA5123d3d2a3dc5302fbf18e85bd76f504be83c5817e5f5c58dbe18f14106fd8dfedfa1cbc532663041021d70aef1c28669968abc6eac698f9819946c553833d4334f
-
Filesize
168KB
MD58e5c55385298401ca98239c106508e3b
SHA19b12d8359f543d29769fa495b6fdf87c1c7bceba
SHA2564498d17181db50920876f666dd08ee1cff3750aeabe7b8878db663eb94d2c5ab
SHA5123d3d2a3dc5302fbf18e85bd76f504be83c5817e5f5c58dbe18f14106fd8dfedfa1cbc532663041021d70aef1c28669968abc6eac698f9819946c553833d4334f
-
Filesize
168KB
MD558786a7f03cf64dd868d5608a7dd3bfd
SHA1b5477da26c79a02d3ad8ed071d16920b608d8952
SHA2561e2efcea77be3247f74d0759e02a5b69af49c12c2bee51569c207e2cb8a38a36
SHA5124ce7047a36290daa596bffc8b6f17cdebbaced50a0e05f95d7a64f85299a377bb3f5faff453b34b888277175ec32a19bf28fcb61bff4569ce16e74ff22f871af
-
Filesize
168KB
MD558786a7f03cf64dd868d5608a7dd3bfd
SHA1b5477da26c79a02d3ad8ed071d16920b608d8952
SHA2561e2efcea77be3247f74d0759e02a5b69af49c12c2bee51569c207e2cb8a38a36
SHA5124ce7047a36290daa596bffc8b6f17cdebbaced50a0e05f95d7a64f85299a377bb3f5faff453b34b888277175ec32a19bf28fcb61bff4569ce16e74ff22f871af
-
Filesize
168KB
MD5b18bdf43fd7ce391ab3ee21b5323d621
SHA1889f530e437b530f06cfff5c540573a3bf75fbbb
SHA256b7b3117216108230364dc4e61d40917bb8a2a64a22584c1986f05b863e8506fc
SHA512183f0d12395ffe1a1b0458a44a6429fafa9454597a6fba09d48ce5a85b1ace6eef0a1e57a5eb0b10d21515d3bec549293fa6cedabd9eb73a09f7a9b574b6cbac
-
Filesize
168KB
MD5b18bdf43fd7ce391ab3ee21b5323d621
SHA1889f530e437b530f06cfff5c540573a3bf75fbbb
SHA256b7b3117216108230364dc4e61d40917bb8a2a64a22584c1986f05b863e8506fc
SHA512183f0d12395ffe1a1b0458a44a6429fafa9454597a6fba09d48ce5a85b1ace6eef0a1e57a5eb0b10d21515d3bec549293fa6cedabd9eb73a09f7a9b574b6cbac
-
Filesize
168KB
MD5a07b976c7ccd2ac923a4843f7dccbb38
SHA1d261bcb21f61cfc7b18469060e432bfbe96543b7
SHA25615819948f333703c6600174e2b286410242a132c413717c8ed8c6b2aebef668c
SHA5125a06d5b2142f98d41d7f22ab38182810a7badb91c1b7a087af50fb71ff08f7133f85d3855d3c2e6e6aed68bdf03c9ddb62c17c2bf251b4004f027c6fa5d97a97
-
Filesize
168KB
MD5a07b976c7ccd2ac923a4843f7dccbb38
SHA1d261bcb21f61cfc7b18469060e432bfbe96543b7
SHA25615819948f333703c6600174e2b286410242a132c413717c8ed8c6b2aebef668c
SHA5125a06d5b2142f98d41d7f22ab38182810a7badb91c1b7a087af50fb71ff08f7133f85d3855d3c2e6e6aed68bdf03c9ddb62c17c2bf251b4004f027c6fa5d97a97
-
Filesize
168KB
MD58356a8db2f514d97dac95b734f1fea1d
SHA13d5a048f13b276588be10538a3e355abd6346f29
SHA256594692f41e90b5434a10f87a8518a46e51f7f8133a91015c7e9322ea1f54f591
SHA512b17e439c0dc814219a71e025c3402ac8b741d791a561447d6c624bea327eac257c6926e6b18ed7e98cf77f975ebd845e7e2cf598d51ad8b92cb003ec74e193d4
-
Filesize
168KB
MD58356a8db2f514d97dac95b734f1fea1d
SHA13d5a048f13b276588be10538a3e355abd6346f29
SHA256594692f41e90b5434a10f87a8518a46e51f7f8133a91015c7e9322ea1f54f591
SHA512b17e439c0dc814219a71e025c3402ac8b741d791a561447d6c624bea327eac257c6926e6b18ed7e98cf77f975ebd845e7e2cf598d51ad8b92cb003ec74e193d4
-
Filesize
168KB
MD58356a8db2f514d97dac95b734f1fea1d
SHA13d5a048f13b276588be10538a3e355abd6346f29
SHA256594692f41e90b5434a10f87a8518a46e51f7f8133a91015c7e9322ea1f54f591
SHA512b17e439c0dc814219a71e025c3402ac8b741d791a561447d6c624bea327eac257c6926e6b18ed7e98cf77f975ebd845e7e2cf598d51ad8b92cb003ec74e193d4
-
Filesize
168KB
MD53a77c86666938a12c59f7ddd64dc38b3
SHA17b57cdf3e2b8bbb09647db77aa01b91b4db12089
SHA256b0289eaa9f2fcbd3ba094680d4a8f5c11dadf41a21075894236af17a695012b3
SHA51215f54d704974671122c86cd1fa66797e83153da41fe7202a2e4982fe6631cd2752cc51571501814ad8ddf5a70645b1ffc9e3d09d82a4da5e1a39e49412492249
-
Filesize
168KB
MD53a77c86666938a12c59f7ddd64dc38b3
SHA17b57cdf3e2b8bbb09647db77aa01b91b4db12089
SHA256b0289eaa9f2fcbd3ba094680d4a8f5c11dadf41a21075894236af17a695012b3
SHA51215f54d704974671122c86cd1fa66797e83153da41fe7202a2e4982fe6631cd2752cc51571501814ad8ddf5a70645b1ffc9e3d09d82a4da5e1a39e49412492249
-
Filesize
168KB
MD529d5c929e549a977982ce0a1e3e640e9
SHA1dac8b5150b272906fecdb120d0478d157aa02473
SHA2564c6c55be07eafc77ed0eabee3acff8f5a15bd615f7c74cc4d617dba38d3382b1
SHA5126a81c7f3652bdc9688af900a042b81a1461664f0d3c68cdf458baff28bdc320f037b564001f448efd2ce1de39f45c821b8d00da8f03d9f8d2a4f96ab4d15dea6
-
Filesize
168KB
MD536c4095456b1ae4cc89f5bfc97003144
SHA14ad80751d7a46454702fab8895e434d519666bed
SHA256a39545244ca66e875a1983896c2b14a7509cccd422cfeff439d915f29c370cb2
SHA512003b115af7040b27d32742ca9877694b2020ae60ebed23fb86fe7247098dc5a57fdfd6630fcc5cb8ea2186fa0d94b8d920941797a65e04d6fbdefdab6bae6698
-
Filesize
168KB
MD536c4095456b1ae4cc89f5bfc97003144
SHA14ad80751d7a46454702fab8895e434d519666bed
SHA256a39545244ca66e875a1983896c2b14a7509cccd422cfeff439d915f29c370cb2
SHA512003b115af7040b27d32742ca9877694b2020ae60ebed23fb86fe7247098dc5a57fdfd6630fcc5cb8ea2186fa0d94b8d920941797a65e04d6fbdefdab6bae6698
-
Filesize
168KB
MD576af8835388a8fc78bd0f82f875523e0
SHA172b3e6c664765e16763b172723cee21bee688cb2
SHA25627b06aebddeef780fff1e2e2afbcd47a4919bbd84c95bd5d370a2d6f36e0bcf0
SHA512f71c5cd5be9e04d3b6279fdf67cc0cdff83b3aa16e6e4743742cb63cd637e46aa9212ab81d470a4ea90b7e6154c2cff448f53789537512f5f0bc0822bd5485d5
-
Filesize
168KB
MD576af8835388a8fc78bd0f82f875523e0
SHA172b3e6c664765e16763b172723cee21bee688cb2
SHA25627b06aebddeef780fff1e2e2afbcd47a4919bbd84c95bd5d370a2d6f36e0bcf0
SHA512f71c5cd5be9e04d3b6279fdf67cc0cdff83b3aa16e6e4743742cb63cd637e46aa9212ab81d470a4ea90b7e6154c2cff448f53789537512f5f0bc0822bd5485d5
-
Filesize
168KB
MD5049421d67e3edba381b2a0153bcd28ef
SHA1684c5df1b780c88b2099158b04e179b13ce63fbd
SHA2563cfee0f80c356bf399a1df1390d9f4c81966364551c83c8daa1f397c8c1f0029
SHA5120275cf6800564f2b2c968ff2416edfe433c3c73fe76febeca1f26902c2152c990c8a64121fb16c98027b22f378c7b8bd5de0fb798dcaab047debf824fd92ca2a
-
Filesize
168KB
MD5049421d67e3edba381b2a0153bcd28ef
SHA1684c5df1b780c88b2099158b04e179b13ce63fbd
SHA2563cfee0f80c356bf399a1df1390d9f4c81966364551c83c8daa1f397c8c1f0029
SHA5120275cf6800564f2b2c968ff2416edfe433c3c73fe76febeca1f26902c2152c990c8a64121fb16c98027b22f378c7b8bd5de0fb798dcaab047debf824fd92ca2a