Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
-
submitted
22/08/2023, 15:02
General
-
Target
672707dbc0c79114cd80b2814aab64b8_goldeneye_JC.exe
-
Size
408KB
-
MD5
672707dbc0c79114cd80b2814aab64b8
-
SHA1
86c6ee155be50deb4d88f99f24ddd9eaa8f47a9f
-
SHA256
0f3633c88981194c09a704a955e1ee4d4c9ee7b5c6547f546833bfb724fff679
-
SHA512
2bbec7b0dd161b12c2ba8f10618d9344c9c375eadf8f2e095f63a6be8bfc541283f357d1f0fac0b5323cb6ad34d109a78996f96872adc0bb8d0ec6ade1346bf7
-
SSDEEP
3072:CEGh0oll3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGrldOe2MUVg3vTeKcAEciTBqr3jy
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\672707dbc0c79114cd80b2814aab64b8_goldeneye_JC.exe"C:\Users\Admin\AppData\Local\Temp\672707dbc0c79114cd80b2814aab64b8_goldeneye_JC.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A6DD75AF-1FA6-4973-94DF-4762D2EED4F1}.exeC:\Windows\{A6DD75AF-1FA6-4973-94DF-4762D2EED4F1}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6C3C85B7-85C5-4593-B19E-A6E88B6AA147}.exeC:\Windows\{6C3C85B7-85C5-4593-B19E-A6E88B6AA147}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5D0FC091-454A-4777-A1A9-8C69363B999F}.exeC:\Windows\{5D0FC091-454A-4777-A1A9-8C69363B999F}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2626BC73-4739-4c1a-B215-FCC02E53D827}.exeC:\Windows\{2626BC73-4739-4c1a-B215-FCC02E53D827}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{25BCD7F7-A97E-4f56-9B18-1B5CE30D4C17}.exeC:\Windows\{25BCD7F7-A97E-4f56-9B18-1B5CE30D4C17}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AF96AAE2-5E82-4228-9892-02558E94CD27}.exeC:\Windows\{AF96AAE2-5E82-4228-9892-02558E94CD27}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6A1B556B-0A25-4ed0-BCF7-E4F358469360}.exeC:\Windows\{6A1B556B-0A25-4ed0-BCF7-E4F358469360}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1A394BCB-28D4-4b8a-AA92-1405A827F6A8}.exeC:\Windows\{1A394BCB-28D4-4b8a-AA92-1405A827F6A8}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{EE7BF2CC-2194-4f5c-8898-CCE42033C0A6}.exeC:\Windows\{EE7BF2CC-2194-4f5c-8898-CCE42033C0A6}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{93DF91CE-263D-4cda-9C31-2AEC2C414FAB}.exeC:\Windows\{93DF91CE-263D-4cda-9C31-2AEC2C414FAB}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{24D196C5-FA0F-4e2e-AFDB-4A79CD15558D}.exeC:\Windows\{24D196C5-FA0F-4e2e-AFDB-4A79CD15558D}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{93DF9~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EE7BF~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1A394~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6A1B5~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AF96A~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{25BCD~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2626B~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5D0FC~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6C3C8~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A6DD7~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\672707~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD575e6645813cdd92c6b1b528f1014f311
SHA1f78b4c5c247022367fe4f70ba0e2152dd6afef71
SHA256d37771e0a2b3fa81de57c6dfb34866ba0fe3774ed5ea56a1891cbd322ba84bf3
SHA5126c8decb0485d2cab823f8a4777df587b6385f0fe1ea21eb9295d8d6b2c1e6cbdab794f776f6f7b54fc50ea46f46aaadecc0e6ed9896c2909c5cdf7ee4a767fbc
-
Filesize
408KB
MD575e6645813cdd92c6b1b528f1014f311
SHA1f78b4c5c247022367fe4f70ba0e2152dd6afef71
SHA256d37771e0a2b3fa81de57c6dfb34866ba0fe3774ed5ea56a1891cbd322ba84bf3
SHA5126c8decb0485d2cab823f8a4777df587b6385f0fe1ea21eb9295d8d6b2c1e6cbdab794f776f6f7b54fc50ea46f46aaadecc0e6ed9896c2909c5cdf7ee4a767fbc
-
Filesize
408KB
MD55f2aaef62d1507f86efca3780136f9d4
SHA1067ca5e3be09f79e2dbdb02c0476b9972c8a7975
SHA2563517c2fbe0b6a44de349ab8272ded59b3069caac70163f12669542a3d95ff89a
SHA512d813493c444c13cbf93217da2a26dc5ede7f4cfd75cf278b6dd96ae6f1d6e5d0a886bb3725eb9aa47fa63dd238d98d34be850d2219b03ce5385abf67ba07d636
-
Filesize
408KB
MD5b994b83f88e6e32259001031e1044d01
SHA1998e85e65bb3bfc51700aa34a04cbff3b959e1a0
SHA256822ddd321f862184858a0c393348c75b144f5504a625e03def5e3b5ffd537b53
SHA512cbcb56970f6ee2011641dee96342dc44254048b219a8a1ee8d05a1210712ec7aad1fd9fd2f451cf7e2d17d6de899f5bcbe1e946688d86a8bb1b9518f57406b07
-
Filesize
408KB
MD5b994b83f88e6e32259001031e1044d01
SHA1998e85e65bb3bfc51700aa34a04cbff3b959e1a0
SHA256822ddd321f862184858a0c393348c75b144f5504a625e03def5e3b5ffd537b53
SHA512cbcb56970f6ee2011641dee96342dc44254048b219a8a1ee8d05a1210712ec7aad1fd9fd2f451cf7e2d17d6de899f5bcbe1e946688d86a8bb1b9518f57406b07
-
Filesize
408KB
MD5a078161fcbc033868dc932eb0bc42947
SHA1a849f7589673040e9f9a8cfb466f3242da8d5508
SHA256f15c84238c9287cbec45c31324772f79f1f06754f33685c6bb634014d3a6d622
SHA5128f0f0c6049aeac95e0dce69c183d207ba67dd389aa0751c02650e820b5fa89a8769afc70e2025c623b544ed97bc98550280474ff44132744b554015f2f4dcd5d
-
Filesize
408KB
MD5a078161fcbc033868dc932eb0bc42947
SHA1a849f7589673040e9f9a8cfb466f3242da8d5508
SHA256f15c84238c9287cbec45c31324772f79f1f06754f33685c6bb634014d3a6d622
SHA5128f0f0c6049aeac95e0dce69c183d207ba67dd389aa0751c02650e820b5fa89a8769afc70e2025c623b544ed97bc98550280474ff44132744b554015f2f4dcd5d
-
Filesize
408KB
MD5edeee69ae83930b6c0b6692088d9365f
SHA1576d3fe57c94df0160c378b08a59519e766dcab8
SHA25602e9fc6096374d3fd84226e6a17065967daf19260a1f3bacb0af390d3deae02c
SHA512b08281c4d18fc3b1ee922a6c6a6161d19cc246a26cae03b87dc87c6e0fae99548d30b7bfcf1f8758e218083eabb9e7650ece4ea63c8238d67395c270298bd1a9
-
Filesize
408KB
MD5edeee69ae83930b6c0b6692088d9365f
SHA1576d3fe57c94df0160c378b08a59519e766dcab8
SHA25602e9fc6096374d3fd84226e6a17065967daf19260a1f3bacb0af390d3deae02c
SHA512b08281c4d18fc3b1ee922a6c6a6161d19cc246a26cae03b87dc87c6e0fae99548d30b7bfcf1f8758e218083eabb9e7650ece4ea63c8238d67395c270298bd1a9
-
Filesize
408KB
MD5faa44359b72fa50642557a16eaf1a66c
SHA1d8da1e00bf85d8ce18fb90842d2724a2860f6434
SHA25676763072b20a79ad78af51a92f2a0851e20a352519ac81cc1a38cb635571becc
SHA5123aabe9ddfb730669a9592040745c7663a3a373615ccd64d3f74da0dda04d3be08be20899b0f5fe5b749f85e1157ae7d794b796b0fdccc702153e608fd7ff9652
-
Filesize
408KB
MD5faa44359b72fa50642557a16eaf1a66c
SHA1d8da1e00bf85d8ce18fb90842d2724a2860f6434
SHA25676763072b20a79ad78af51a92f2a0851e20a352519ac81cc1a38cb635571becc
SHA5123aabe9ddfb730669a9592040745c7663a3a373615ccd64d3f74da0dda04d3be08be20899b0f5fe5b749f85e1157ae7d794b796b0fdccc702153e608fd7ff9652
-
Filesize
408KB
MD50cf6921d07f60e8680f302fe5e12788a
SHA17c70a64196b1761e20cdcbf759fae0d32d2d0e65
SHA25684e59717e583181dd9d2900eaf2878a606286f0c88c82b32cee129097ffb7aec
SHA51278154898be76ef4aae2103fd860a6c4ddd663475f7047565de0a900f4a1aa2dbd3f03a7dd1e0989cbc30e4f2963172869d1804f8e85731426e5f436815d7b5e5
-
Filesize
408KB
MD50cf6921d07f60e8680f302fe5e12788a
SHA17c70a64196b1761e20cdcbf759fae0d32d2d0e65
SHA25684e59717e583181dd9d2900eaf2878a606286f0c88c82b32cee129097ffb7aec
SHA51278154898be76ef4aae2103fd860a6c4ddd663475f7047565de0a900f4a1aa2dbd3f03a7dd1e0989cbc30e4f2963172869d1804f8e85731426e5f436815d7b5e5
-
Filesize
408KB
MD57c2f3ac050191f7e1e8f714bf2b0a529
SHA1cb28424f339793b7183549ead752613f7f3e9321
SHA2569aaa3876b5b0791be945382c06ff02fdb38ad178a90add701fd0c45a9e49c0fc
SHA5124f903130402fe936142e82b64de65a06c8f6db5455f93f0625e6a5d93ae60e7315215378522db788ab2d403ca851ca5a0ea7d2891bf73409d312038ea6f3a871
-
Filesize
408KB
MD57c2f3ac050191f7e1e8f714bf2b0a529
SHA1cb28424f339793b7183549ead752613f7f3e9321
SHA2569aaa3876b5b0791be945382c06ff02fdb38ad178a90add701fd0c45a9e49c0fc
SHA5124f903130402fe936142e82b64de65a06c8f6db5455f93f0625e6a5d93ae60e7315215378522db788ab2d403ca851ca5a0ea7d2891bf73409d312038ea6f3a871
-
Filesize
408KB
MD5e235931b4b76122dc4ce4a43c359790b
SHA18936df3c7439c019d18f55da6d4e3532f4483dbe
SHA256794d953c7dd093905a70e6848b787ba90be5d5ccde8b4f2599941e6a91e14915
SHA51216692ba10fc7db6312c8075fa594f570ccee1f77184c65e4a8bb07c16296a53dae66f744117ad4ff7b6fee542020e7a84853988c69182bae33861be7934a210e
-
Filesize
408KB
MD5e235931b4b76122dc4ce4a43c359790b
SHA18936df3c7439c019d18f55da6d4e3532f4483dbe
SHA256794d953c7dd093905a70e6848b787ba90be5d5ccde8b4f2599941e6a91e14915
SHA51216692ba10fc7db6312c8075fa594f570ccee1f77184c65e4a8bb07c16296a53dae66f744117ad4ff7b6fee542020e7a84853988c69182bae33861be7934a210e
-
Filesize
408KB
MD5e235931b4b76122dc4ce4a43c359790b
SHA18936df3c7439c019d18f55da6d4e3532f4483dbe
SHA256794d953c7dd093905a70e6848b787ba90be5d5ccde8b4f2599941e6a91e14915
SHA51216692ba10fc7db6312c8075fa594f570ccee1f77184c65e4a8bb07c16296a53dae66f744117ad4ff7b6fee542020e7a84853988c69182bae33861be7934a210e
-
Filesize
408KB
MD5dbfcbe8bce4c4687e9f3d79a4db55f5f
SHA10bfaa22fa7d1e0c7d21cfb748ca9b12e3554f628
SHA25666b9c8204d77ee70d13106f3e801441f18a6d5200e3c2f4014429ec2fdf42112
SHA51232b3a4e530ff1683caaba5d200cff107edd23eff9bec45460ba25eb2e8e76911bde551ec2ed706d85674c43ac9479144ea8020458ae66dad229f622b9ec56b1b
-
Filesize
408KB
MD5dbfcbe8bce4c4687e9f3d79a4db55f5f
SHA10bfaa22fa7d1e0c7d21cfb748ca9b12e3554f628
SHA25666b9c8204d77ee70d13106f3e801441f18a6d5200e3c2f4014429ec2fdf42112
SHA51232b3a4e530ff1683caaba5d200cff107edd23eff9bec45460ba25eb2e8e76911bde551ec2ed706d85674c43ac9479144ea8020458ae66dad229f622b9ec56b1b
-
Filesize
408KB
MD5af970746be868708af682c442f17bbf6
SHA1de1dbe77bc056824c36eef2af5647beca44a9580
SHA256dc4788baa84590b3860262e5bbf2ef685b14fb8864ddf4e0b92486901b1f80cc
SHA512fefdd6edfd07478cdd64fb592b2f26d1c991e5b5bf62397a292945fcf6e90d48d0df289c7645812e977b525cd972d0423c4e028baf633233f8a13398abff393a
-
Filesize
408KB
MD5af970746be868708af682c442f17bbf6
SHA1de1dbe77bc056824c36eef2af5647beca44a9580
SHA256dc4788baa84590b3860262e5bbf2ef685b14fb8864ddf4e0b92486901b1f80cc
SHA512fefdd6edfd07478cdd64fb592b2f26d1c991e5b5bf62397a292945fcf6e90d48d0df289c7645812e977b525cd972d0423c4e028baf633233f8a13398abff393a