Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
02/10/2023, 17:43
General
-
Target
2023-08-27_3c7769f4620c2f20e76606aba6e87419_goldeneye_JC.exe
-
Size
216KB
-
MD5
3c7769f4620c2f20e76606aba6e87419
-
SHA1
75eef44f9adf7c635324f87d06f6c13da57c42d1
-
SHA256
1d0dd6d8e4cdfcfa609f149d370d95ee3959d6acf7c28afbc033115d1acccce6
-
SHA512
656bbacd84d850e2ed8d72800ea47301fe784f31d35204cb67f5d9a14c29e91d9d81b75b14b9dc6d66e672fc695f666d6dfdf652a10f2d0e999e5ecbc10c955c
-
SSDEEP
3072:jEGh0oil+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGYlEeKcAEcGy
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2023-08-27_3c7769f4620c2f20e76606aba6e87419_goldeneye_JC.exe"C:\Users\Admin\AppData\Local\Temp\2023-08-27_3c7769f4620c2f20e76606aba6e87419_goldeneye_JC.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4DCC7CE4-FD30-41b3-81DB-947EE03AAADE}.exeC:\Windows\{4DCC7CE4-FD30-41b3-81DB-947EE03AAADE}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{977F6962-2EB8-4eee-A0A7-34A1CC8E63BC}.exeC:\Windows\{977F6962-2EB8-4eee-A0A7-34A1CC8E63BC}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{977F6~1.EXE > nul4⤵
-
-
C:\Windows\{A9F5FA0E-0795-48ca-9402-E80BAB3C9FEF}.exeC:\Windows\{A9F5FA0E-0795-48ca-9402-E80BAB3C9FEF}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1BA3ACC6-4637-4df4-90CC-AA5252847220}.exeC:\Windows\{1BA3ACC6-4637-4df4-90CC-AA5252847220}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1BA3A~1.EXE > nul6⤵
-
-
C:\Windows\{C9C491C4-7EE4-468a-A302-5FF5E77E3E35}.exeC:\Windows\{C9C491C4-7EE4-468a-A302-5FF5E77E3E35}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8E354EB9-AF58-416a-93D8-D0F7D62E942D}.exeC:\Windows\{8E354EB9-AF58-416a-93D8-D0F7D62E942D}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{590E19A2-3EFB-4534-B460-640B0AED2644}.exeC:\Windows\{590E19A2-3EFB-4534-B460-640B0AED2644}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{31433D3F-4856-4e72-85D6-9BA57BB3ABD0}.exeC:\Windows\{31433D3F-4856-4e72-85D6-9BA57BB3ABD0}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{31433~1.EXE > nul10⤵
-
-
C:\Windows\{35DB8618-3177-4ec6-AFB0-ACA3D1AE4192}.exeC:\Windows\{35DB8618-3177-4ec6-AFB0-ACA3D1AE4192}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{F649CF2F-8C46-496f-BB9D-F5C469D82E4F}.exeC:\Windows\{F649CF2F-8C46-496f-BB9D-F5C469D82E4F}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{2537378F-47D9-49d6-84DD-ABE672187B06}.exeC:\Windows\{2537378F-47D9-49d6-84DD-ABE672187B06}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F649C~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{35DB8~1.EXE > nul11⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{590E1~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8E354~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C9C49~1.EXE > nul7⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A9F5F~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4DCC7~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2023-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD586ae13859b22c34551c7c8783286eecf
SHA1281ecc226bc639d73285b1a3dce10dfffce51428
SHA256a08b8fefcf06cc9439d64305c2e976a1f7378272999c96f87a713e64a59f4368
SHA5127f8dc1bba5b2f3572b46d4981d0b4fa775bb7b4e0b828ccf9a42ab93a7c6cc1e784fb4d1d9d61548745a103d345d31d7ff2d3964975e96758585886a45e1df8f
-
Filesize
216KB
MD586ae13859b22c34551c7c8783286eecf
SHA1281ecc226bc639d73285b1a3dce10dfffce51428
SHA256a08b8fefcf06cc9439d64305c2e976a1f7378272999c96f87a713e64a59f4368
SHA5127f8dc1bba5b2f3572b46d4981d0b4fa775bb7b4e0b828ccf9a42ab93a7c6cc1e784fb4d1d9d61548745a103d345d31d7ff2d3964975e96758585886a45e1df8f
-
Filesize
216KB
MD506d033268cac1a4bacee25c2213f297e
SHA19c393dd36fe8cb9f74705f8aad99b40da219cefb
SHA2563ad2e9a95c769f95bb7397ef4c97d89db77979ebf27a3d33025b8fb9f9f685fa
SHA51245267e06a7a3329de17d8fb626e60d90f40601cc04c49d6e772268a2aa797b8b81f6c2c06e8c10fc785833684b101b6b18011a3cfb33e8b923d64c304e6de784
-
Filesize
216KB
MD52903937467ef91870a12010bdada93a1
SHA1a5a9cd70a0ebabfb5ca67a9ef3cac7f2c7cb7737
SHA2569e8d70e29c3e9a5680e28db93933a1673f42e7ea5bf1cdfde20e7ee92294b5b1
SHA5120d18a13e1dff2531da07705963c95b5b83d11c3d5d87360ec7cf1027847459e25a09ee6bf0b4fb44953159615e6b350117ebb83194848d5fd09e0f5fa6775c55
-
Filesize
216KB
MD52903937467ef91870a12010bdada93a1
SHA1a5a9cd70a0ebabfb5ca67a9ef3cac7f2c7cb7737
SHA2569e8d70e29c3e9a5680e28db93933a1673f42e7ea5bf1cdfde20e7ee92294b5b1
SHA5120d18a13e1dff2531da07705963c95b5b83d11c3d5d87360ec7cf1027847459e25a09ee6bf0b4fb44953159615e6b350117ebb83194848d5fd09e0f5fa6775c55
-
Filesize
216KB
MD5916467f8b69958fe0586ebd3cc3ccfac
SHA1ae0be1f895574e34c8d58c94b3a66b9ba11dc3fd
SHA256df7c45e75c3b22288752a5b1c278f973d713c4463aa0e9827578731b9d3f493c
SHA5124e3da1421a8f75c3f798592f81907a79e97377477a67809a586ac2834cd9c996db7b71b464209a1793f1f233e13bfab814642cbbead5bbc22f8815ca8bcaf300
-
Filesize
216KB
MD5916467f8b69958fe0586ebd3cc3ccfac
SHA1ae0be1f895574e34c8d58c94b3a66b9ba11dc3fd
SHA256df7c45e75c3b22288752a5b1c278f973d713c4463aa0e9827578731b9d3f493c
SHA5124e3da1421a8f75c3f798592f81907a79e97377477a67809a586ac2834cd9c996db7b71b464209a1793f1f233e13bfab814642cbbead5bbc22f8815ca8bcaf300
-
Filesize
216KB
MD5b109a52d47a93bed746975eed16717e5
SHA182b68d4855ad9e7bb1b2ad5f7cdb95ff64ce321e
SHA256756dab71fa1b2384c2f819c7970f12fbd6780288b2bfd7b071712a6df807900e
SHA512b38d23d7460077b3d01b6549a6b49743afb11b162a204cd0975f0e9c77061f3711cd03773185b18ff5c260b26831c3ee9b363ce82809cc570129a98697673721
-
Filesize
216KB
MD5b109a52d47a93bed746975eed16717e5
SHA182b68d4855ad9e7bb1b2ad5f7cdb95ff64ce321e
SHA256756dab71fa1b2384c2f819c7970f12fbd6780288b2bfd7b071712a6df807900e
SHA512b38d23d7460077b3d01b6549a6b49743afb11b162a204cd0975f0e9c77061f3711cd03773185b18ff5c260b26831c3ee9b363ce82809cc570129a98697673721
-
Filesize
216KB
MD5b109a52d47a93bed746975eed16717e5
SHA182b68d4855ad9e7bb1b2ad5f7cdb95ff64ce321e
SHA256756dab71fa1b2384c2f819c7970f12fbd6780288b2bfd7b071712a6df807900e
SHA512b38d23d7460077b3d01b6549a6b49743afb11b162a204cd0975f0e9c77061f3711cd03773185b18ff5c260b26831c3ee9b363ce82809cc570129a98697673721
-
Filesize
216KB
MD5dfeb69bd4117ae921a96b30d9fe491a2
SHA1578cafa0103e7a8c60371302bf84337343ba0e6a
SHA25662e56e256f3c3cce8118cea425a829bf443e237befd00a44514ea00ec3a28b6e
SHA512dfebdf6cbbdf6f825f08ef7bac61d6c04065e0230f8873a957200744b10dda927e9b1704bffb0dd6dc923d924dc1cfdc75c6e9e661a28ff330aa249d6b746828
-
Filesize
216KB
MD5dfeb69bd4117ae921a96b30d9fe491a2
SHA1578cafa0103e7a8c60371302bf84337343ba0e6a
SHA25662e56e256f3c3cce8118cea425a829bf443e237befd00a44514ea00ec3a28b6e
SHA512dfebdf6cbbdf6f825f08ef7bac61d6c04065e0230f8873a957200744b10dda927e9b1704bffb0dd6dc923d924dc1cfdc75c6e9e661a28ff330aa249d6b746828
-
Filesize
216KB
MD50cc4f67ca2e08df0fec5c4566dad748f
SHA16257ed3a01508728b55e7a31c51750a13f85be77
SHA256735e3ebd9dc16a687e14f7173b7f417e3d4d09a07e15253c0ca4cd70fb386be6
SHA5127e9c9b9691c77bebf6df589545c7e1f6f9c7551de7dc4b6514508e096eeb00dd7ce7baff3adc691dbb90ba4ba88aea56904ffaae06cc4ec235100661a9fb953f
-
Filesize
216KB
MD50cc4f67ca2e08df0fec5c4566dad748f
SHA16257ed3a01508728b55e7a31c51750a13f85be77
SHA256735e3ebd9dc16a687e14f7173b7f417e3d4d09a07e15253c0ca4cd70fb386be6
SHA5127e9c9b9691c77bebf6df589545c7e1f6f9c7551de7dc4b6514508e096eeb00dd7ce7baff3adc691dbb90ba4ba88aea56904ffaae06cc4ec235100661a9fb953f
-
Filesize
216KB
MD56ac6909be6552458ce077b95252cd40f
SHA1054e31520745d2c972c2d2e946af157de3bfdaac
SHA2560d548241a7a3cbf253c550df23537c97dcdaebf2e0e0fcfb98725a1e867a363c
SHA512274cf3e9252365a84702694edb190a215aecc22d3ae13bae2b9d0ac63d3b147ba2276446ca7be64ef9554057cb670e472e056a05c9b4b4b58d321a703d4bd61a
-
Filesize
216KB
MD56ac6909be6552458ce077b95252cd40f
SHA1054e31520745d2c972c2d2e946af157de3bfdaac
SHA2560d548241a7a3cbf253c550df23537c97dcdaebf2e0e0fcfb98725a1e867a363c
SHA512274cf3e9252365a84702694edb190a215aecc22d3ae13bae2b9d0ac63d3b147ba2276446ca7be64ef9554057cb670e472e056a05c9b4b4b58d321a703d4bd61a
-
Filesize
216KB
MD5612b3b85a45b2d11f1b063083294883c
SHA19a4ca2d123248c137bdedc7d0ddf5c1784510812
SHA256c5d3b6c754edc044db08d2c88cb36a61cc83f147245c301346ede00829f3f9fd
SHA51217af5b80744cdabf2f9388e4bf69b3b8fefe99d55d4a2fd2b419c220ccc9fbf6e14ac11a5c812f60fff70e9331b88e58db2c6432dc6a470587e633c04d0003ec
-
Filesize
216KB
MD5612b3b85a45b2d11f1b063083294883c
SHA19a4ca2d123248c137bdedc7d0ddf5c1784510812
SHA256c5d3b6c754edc044db08d2c88cb36a61cc83f147245c301346ede00829f3f9fd
SHA51217af5b80744cdabf2f9388e4bf69b3b8fefe99d55d4a2fd2b419c220ccc9fbf6e14ac11a5c812f60fff70e9331b88e58db2c6432dc6a470587e633c04d0003ec
-
Filesize
216KB
MD5f52519ead753518555f14a9be30c8950
SHA1b077b68d63ef5d5657b981589b956e9999890373
SHA256a971b7a381fcc2ff7bd014be9d9e2475b5d47c6954402df7ae087533ecfc16f0
SHA5122e36fe958e441cef99c7e0281a2949041142e189f4dde7b62b2ce5ef11350698a118a804565a47a684b0c9e1866899a3d40887ef188c79e5cbdb60dd3b3c9a12
-
Filesize
216KB
MD5f52519ead753518555f14a9be30c8950
SHA1b077b68d63ef5d5657b981589b956e9999890373
SHA256a971b7a381fcc2ff7bd014be9d9e2475b5d47c6954402df7ae087533ecfc16f0
SHA5122e36fe958e441cef99c7e0281a2949041142e189f4dde7b62b2ce5ef11350698a118a804565a47a684b0c9e1866899a3d40887ef188c79e5cbdb60dd3b3c9a12
-
Filesize
216KB
MD5750e55a5b408fca782a1c9dd90c04739
SHA10f61af36e3099bb60e352556f28d5072ec0ff3c3
SHA256ced9be64716a186d5d810716de78946af55c0cb2a4a9e5e3d62294187d1b9e06
SHA51283f880cd560853a18dc43f51471c8407f765aa7ab31ba6632d60a9c439d6727b1cd894d2b17b8fc43840855f1253c88bbf9c597f648ef83777fc9aeed421ef59
-
Filesize
216KB
MD5750e55a5b408fca782a1c9dd90c04739
SHA10f61af36e3099bb60e352556f28d5072ec0ff3c3
SHA256ced9be64716a186d5d810716de78946af55c0cb2a4a9e5e3d62294187d1b9e06
SHA51283f880cd560853a18dc43f51471c8407f765aa7ab31ba6632d60a9c439d6727b1cd894d2b17b8fc43840855f1253c88bbf9c597f648ef83777fc9aeed421ef59