Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
-
submitted
20/08/2023, 10:53
General
-
Target
51e558b6caee4ed85f35266108fad8c4_goldeneye_JC.exe
-
Size
372KB
-
MD5
51e558b6caee4ed85f35266108fad8c4
-
SHA1
354b9f56f4cd40d9faf4b3163be89dc0846b16b2
-
SHA256
3ce389f101a1bee070f81454a48843c237cb69e258cf180100ed7b4da6b9d8b7
-
SHA512
518a90ca5ffeb7ccd6a021547d04cef99802a1f8bdec5cdccd8089f0e091cade7dff26c4e7ec810c51cb5aea7aeefea87598ad879614fbaae3c91773292091ac
-
SSDEEP
3072:CEGh0onmlJOiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBE:CEGIl/Oe2MUVg3vTeKcAEciTBqr3
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\51e558b6caee4ed85f35266108fad8c4_goldeneye_JC.exe"C:\Users\Admin\AppData\Local\Temp\51e558b6caee4ed85f35266108fad8c4_goldeneye_JC.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0FC4306E-D0F5-4c1b-B89D-E7D1D304F790}.exeC:\Windows\{0FC4306E-D0F5-4c1b-B89D-E7D1D304F790}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C9507126-C105-4203-A2DB-2731CC72AC5A}.exeC:\Windows\{C9507126-C105-4203-A2DB-2731CC72AC5A}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C9507~1.EXE > nul4⤵
-
-
C:\Windows\{DBF467E6-F0D8-470c-9C58-C913CC836B47}.exeC:\Windows\{DBF467E6-F0D8-470c-9C58-C913CC836B47}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B27FDAC7-914C-4377-A7F3-60698952C511}.exeC:\Windows\{B27FDAC7-914C-4377-A7F3-60698952C511}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B27FD~1.EXE > nul6⤵
-
-
C:\Windows\{CBC16C83-0696-4280-A54B-B262475A0C04}.exeC:\Windows\{CBC16C83-0696-4280-A54B-B262475A0C04}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CBC16~1.EXE > nul7⤵
-
-
C:\Windows\{3794B07E-4EE7-4df0-B2C0-0F8F150196A7}.exeC:\Windows\{3794B07E-4EE7-4df0-B2C0-0F8F150196A7}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{97A6D938-AF00-4353-B0DA-8BEAF3006640}.exeC:\Windows\{97A6D938-AF00-4353-B0DA-8BEAF3006640}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2A4FFA7B-6989-481f-91EC-361C9E8958F7}.exeC:\Windows\{2A4FFA7B-6989-481f-91EC-361C9E8958F7}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2A4FF~1.EXE > nul10⤵
-
-
C:\Windows\{D7C49D4B-7CDD-488f-B0C1-736C064D1021}.exeC:\Windows\{D7C49D4B-7CDD-488f-B0C1-736C064D1021}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D7C49~1.EXE > nul11⤵
-
-
C:\Windows\{D0BF65F6-E711-4c12-8940-B45B477B2023}.exeC:\Windows\{D0BF65F6-E711-4c12-8940-B45B477B2023}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D0BF6~1.EXE > nul12⤵
-
-
C:\Windows\{C503BA2F-54D4-4e11-86E9-672D0C0577A7}.exeC:\Windows\{C503BA2F-54D4-4e11-86E9-672D0C0577A7}.exe12⤵
- Executes dropped EXE
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{97A6D~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3794B~1.EXE > nul8⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DBF46~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0FC43~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\51E558~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
372KB
MD5319cbc59f873e84297e5e7f6ea4c5461
SHA16555c36ec88d4f33efe7e13ea9af9e9b6c5f88dc
SHA256bc3a9efc987594e161cba1bc17073d00a514d8a7ae5b52d2b8a17e4c543e7461
SHA5128daff9d7ae5ed9c909e9089529a58d95e8a3ac11342101a107eb4bab0fa892b5e5317f845690f2a0752157350dc73a4cbdee78987d91096a78825bf058ad4a61
-
Filesize
372KB
MD5319cbc59f873e84297e5e7f6ea4c5461
SHA16555c36ec88d4f33efe7e13ea9af9e9b6c5f88dc
SHA256bc3a9efc987594e161cba1bc17073d00a514d8a7ae5b52d2b8a17e4c543e7461
SHA5128daff9d7ae5ed9c909e9089529a58d95e8a3ac11342101a107eb4bab0fa892b5e5317f845690f2a0752157350dc73a4cbdee78987d91096a78825bf058ad4a61
-
Filesize
372KB
MD5319cbc59f873e84297e5e7f6ea4c5461
SHA16555c36ec88d4f33efe7e13ea9af9e9b6c5f88dc
SHA256bc3a9efc987594e161cba1bc17073d00a514d8a7ae5b52d2b8a17e4c543e7461
SHA5128daff9d7ae5ed9c909e9089529a58d95e8a3ac11342101a107eb4bab0fa892b5e5317f845690f2a0752157350dc73a4cbdee78987d91096a78825bf058ad4a61
-
Filesize
372KB
MD594b0faea7e381c43ad54e5a209992873
SHA11fab1153801bf66630a81e0024bd5b7a8822da3d
SHA256639b46ff06a7aabeba618d8b86a49bdedcf09b68006e3cdd632245dc33bb9d38
SHA5128c1fbba3589dc12d87828d1daa318f5dcf3dab88eac07b6517b94938e7af93e9b51d7dd0dfa182f16fedfc3412706f88fcdf9fd9e052bd230240b402b4e28f7a
-
Filesize
372KB
MD594b0faea7e381c43ad54e5a209992873
SHA11fab1153801bf66630a81e0024bd5b7a8822da3d
SHA256639b46ff06a7aabeba618d8b86a49bdedcf09b68006e3cdd632245dc33bb9d38
SHA5128c1fbba3589dc12d87828d1daa318f5dcf3dab88eac07b6517b94938e7af93e9b51d7dd0dfa182f16fedfc3412706f88fcdf9fd9e052bd230240b402b4e28f7a
-
Filesize
372KB
MD582cde346f6b68bcd236e02d6bb99cce4
SHA1c4950b4d7519a6b3c42a813a87c709d559c9c219
SHA256f0871b1cdb924eecb74833e108668be161d4fa10d492fd58b22477337dddaf5c
SHA512a6ad42c7cad55140a1424f832af10c4b46437a3c807aa388c534685ee4a9e4bb203841ccce8263e0e5a846ab9ac946e5a3888c52ee74640a1d7398677131684c
-
Filesize
372KB
MD582cde346f6b68bcd236e02d6bb99cce4
SHA1c4950b4d7519a6b3c42a813a87c709d559c9c219
SHA256f0871b1cdb924eecb74833e108668be161d4fa10d492fd58b22477337dddaf5c
SHA512a6ad42c7cad55140a1424f832af10c4b46437a3c807aa388c534685ee4a9e4bb203841ccce8263e0e5a846ab9ac946e5a3888c52ee74640a1d7398677131684c
-
Filesize
372KB
MD589d7b8e274ae3fe2e2721dd410e3fdf3
SHA1c10e06c584869c80aee3d8a605ca2717f3231a7b
SHA25683b17c0ac00d5a60b408a52c382a3d273aeaae9e0528f774d3ca4b9a15b7b7bf
SHA512fb8549e41788c8d3130e6525d701d9b49591c5ad9dbf343420f8a28c101897cabe38576d10699291598008bf625c155d975674d363714b7050a33de4eba664a6
-
Filesize
372KB
MD589d7b8e274ae3fe2e2721dd410e3fdf3
SHA1c10e06c584869c80aee3d8a605ca2717f3231a7b
SHA25683b17c0ac00d5a60b408a52c382a3d273aeaae9e0528f774d3ca4b9a15b7b7bf
SHA512fb8549e41788c8d3130e6525d701d9b49591c5ad9dbf343420f8a28c101897cabe38576d10699291598008bf625c155d975674d363714b7050a33de4eba664a6
-
Filesize
372KB
MD58c2826df42c6976e8434d46e00554ae1
SHA12eaf52a2d3debdb7bc394232649edd5df80a94cd
SHA256a5fb57768d3cef1f85b5ddf72dcf7ab4111afa2ba85f43f6cea4e7a649c992fa
SHA512cf029578b9ee442c8a1bf63e4e1b9425000d967fae2824177aef2e183e23ba257164719481b354a1894fe4a7008c55ce889845e257e9e0404907df2cb224d87f
-
Filesize
372KB
MD58c2826df42c6976e8434d46e00554ae1
SHA12eaf52a2d3debdb7bc394232649edd5df80a94cd
SHA256a5fb57768d3cef1f85b5ddf72dcf7ab4111afa2ba85f43f6cea4e7a649c992fa
SHA512cf029578b9ee442c8a1bf63e4e1b9425000d967fae2824177aef2e183e23ba257164719481b354a1894fe4a7008c55ce889845e257e9e0404907df2cb224d87f
-
Filesize
372KB
MD517e172360faf549c9e7785b9856ec6be
SHA1194f4a0a4391d44ffda2fe103d4f46e2805a9bb4
SHA256a599a88b69765cb5b0643191f595d57b8260771793d9da6cb86dd0b4c3daf4b2
SHA512469cae918fcc07b9ff13cdcd95ed66098f4424561872a722c65299394d1eb0614a79e30187088630cda832ba5b2a0003a393029617b99dddce3e2f28a5cfbe7c
-
Filesize
372KB
MD569d86062059ba9374d909aa4684af2ba
SHA1c6b85046633cb19000b39cdb61031a5ce80252ba
SHA2567e3f0a5bac5503cd90becb0b7e9cf57a6b9bc1c8a1243c805653441d49bfa7d5
SHA512ca87840637159f3f65c41ffceab83edc8426679ae9aff99f4ca66d700328af998354038523e628035fc2b950d6e35a99421f3a6126f84119a44d4c2b0b0a60f2
-
Filesize
372KB
MD569d86062059ba9374d909aa4684af2ba
SHA1c6b85046633cb19000b39cdb61031a5ce80252ba
SHA2567e3f0a5bac5503cd90becb0b7e9cf57a6b9bc1c8a1243c805653441d49bfa7d5
SHA512ca87840637159f3f65c41ffceab83edc8426679ae9aff99f4ca66d700328af998354038523e628035fc2b950d6e35a99421f3a6126f84119a44d4c2b0b0a60f2
-
Filesize
372KB
MD56fd0668a9b24eb70ea1c72601c1ef9f2
SHA1290ca41c3af8e9cfa3f9e5717fdb0dcb393d5367
SHA2568e9357c815000782164d7b8586996dc57092d26d1843106b58b3c5736e7e051f
SHA5129accf780fd9d97df107490c779139c1eb052b1bee2848230531ac1f98ee2e76497237d8a9c13a82fcac8c1dfdc018f3db6ead1338dfad663bc38709875af2f31
-
Filesize
372KB
MD56fd0668a9b24eb70ea1c72601c1ef9f2
SHA1290ca41c3af8e9cfa3f9e5717fdb0dcb393d5367
SHA2568e9357c815000782164d7b8586996dc57092d26d1843106b58b3c5736e7e051f
SHA5129accf780fd9d97df107490c779139c1eb052b1bee2848230531ac1f98ee2e76497237d8a9c13a82fcac8c1dfdc018f3db6ead1338dfad663bc38709875af2f31
-
Filesize
372KB
MD54b21ff2ad07f233653c34e18d1a730f6
SHA17c63f46ec449d455ea8c8f58c5c3a8f369d68bdd
SHA256073cd01bba497744964d120aca728fd5adac909c6dd1caf7928703ce59a84e65
SHA512bc36fba4765771776c851811d9b6298725aa7b84646fea0b9845dd789839624e3a2b5ce5d55380b9ab39ee782530235fda55da65043217542c6e7514f8be9c79
-
Filesize
372KB
MD54b21ff2ad07f233653c34e18d1a730f6
SHA17c63f46ec449d455ea8c8f58c5c3a8f369d68bdd
SHA256073cd01bba497744964d120aca728fd5adac909c6dd1caf7928703ce59a84e65
SHA512bc36fba4765771776c851811d9b6298725aa7b84646fea0b9845dd789839624e3a2b5ce5d55380b9ab39ee782530235fda55da65043217542c6e7514f8be9c79
-
Filesize
372KB
MD5b84bc40fb2cee2347444a07502eddc3e
SHA10f7a9ae32805f8fd955b88dfff9e54316c811e7f
SHA256ee1f710f541c3f2bf8da6e93c71a0d0087d2635a6ce6d26995cbf9a1d950769a
SHA512b547b1797b56a2900c33e48b37ea123fd35e220fe543582401fbe717b8255aa3a3194f45ebe668bf0a6c1f9d9be5ad722f857adcb7ba88b1e5ec34d10c483380
-
Filesize
372KB
MD5b84bc40fb2cee2347444a07502eddc3e
SHA10f7a9ae32805f8fd955b88dfff9e54316c811e7f
SHA256ee1f710f541c3f2bf8da6e93c71a0d0087d2635a6ce6d26995cbf9a1d950769a
SHA512b547b1797b56a2900c33e48b37ea123fd35e220fe543582401fbe717b8255aa3a3194f45ebe668bf0a6c1f9d9be5ad722f857adcb7ba88b1e5ec34d10c483380
-
Filesize
372KB
MD5c94dbe982c6113543d1b2925455d2cea
SHA1ccd7bd47d3af7be0571ecbda5ae81aaa443a9876
SHA25672919c2fcdd16e9a01b92a4c1458044dd422df2228629def1452623c3fb5522f
SHA512707638d2ab02cb184109ed159dbc6bacdb79387209e24e9bcaf426b1eef64ddb1ce3ddea2722bbcd66f6a12fd752bbbe5322f1f27670a071f352b4a6fa8f2ec1
-
Filesize
372KB
MD5c94dbe982c6113543d1b2925455d2cea
SHA1ccd7bd47d3af7be0571ecbda5ae81aaa443a9876
SHA25672919c2fcdd16e9a01b92a4c1458044dd422df2228629def1452623c3fb5522f
SHA512707638d2ab02cb184109ed159dbc6bacdb79387209e24e9bcaf426b1eef64ddb1ce3ddea2722bbcd66f6a12fd752bbbe5322f1f27670a071f352b4a6fa8f2ec1