Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
07/01/2024, 12:06
General
-
Target
2024-01-06_1f3e224395c2e3e5894781513d05b648_goldeneye.exe
-
Size
192KB
-
MD5
1f3e224395c2e3e5894781513d05b648
-
SHA1
3de5cd65f014e8eafa4dddefd71acfea077cb133
-
SHA256
78253dfea1888d645790b81c1252d290492addfeb508fa31ed0b9fe5bed1ba46
-
SHA512
e206afc3c9758837531e0a91a514425ef0f953c8e1cc0a854ffa581b8ffc5e1877a62f2de30726c79719444730a04e9ab606cbaa8d9d2e31affa8fdb94fe6a9f
-
SSDEEP
1536:1EGh0oQl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3H6:1EGh0oQl1OPOe2MUVg3Ve+rXfMUa
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-06_1f3e224395c2e3e5894781513d05b648_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-06_1f3e224395c2e3e5894781513d05b648_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
-
C:\Windows\{8FCD9A4A-AAC0-4e54-BA20-111B585CE246}.exeC:\Windows\{8FCD9A4A-AAC0-4e54-BA20-111B585CE246}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AB65213B-B05D-4164-8302-C20A4AA1F880}.exeC:\Windows\{AB65213B-B05D-4164-8302-C20A4AA1F880}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AB652~1.EXE > nul4⤵
-
-
C:\Windows\{A4DDA3D2-9E66-4da0-9C43-F58761A25FD7}.exeC:\Windows\{A4DDA3D2-9E66-4da0-9C43-F58761A25FD7}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6920BA70-F48D-4961-8EBA-8318E6557F29}.exeC:\Windows\{6920BA70-F48D-4961-8EBA-8318E6557F29}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E602DF90-716E-4208-9827-94CFDB9161F6}.exeC:\Windows\{E602DF90-716E-4208-9827-94CFDB9161F6}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FA8BA22D-B1DE-40a8-87F5-1D55E2B62FBD}.exeC:\Windows\{FA8BA22D-B1DE-40a8-87F5-1D55E2B62FBD}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C5EF7FC6-D6E5-4fdf-8A4F-C25C55CA6F5F}.exeC:\Windows\{C5EF7FC6-D6E5-4fdf-8A4F-C25C55CA6F5F}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{80BBCC8A-BCFD-4405-A358-B821DC261FC3}.exeC:\Windows\{80BBCC8A-BCFD-4405-A358-B821DC261FC3}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{40A69539-898F-4799-9DA3-C3D86565A711}.exeC:\Windows\{40A69539-898F-4799-9DA3-C3D86565A711}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{6D8FFEC7-BEDF-47ea-B17F-AB35449CBDEE}.exeC:\Windows\{6D8FFEC7-BEDF-47ea-B17F-AB35449CBDEE}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{152BF529-E006-4d20-A6FD-8AB89FAAA34E}.exeC:\Windows\{152BF529-E006-4d20-A6FD-8AB89FAAA34E}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6D8FF~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{40A69~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{80BBC~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C5EF7~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FA8BA~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E602D~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6920B~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A4DDA~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8FCD9~1.EXE > nul3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
192KB
MD5412275465f5ca025f56d7ac3bc9bfd34
SHA11c8c1957795eb122bc6427da4625e1faa0eff8f8
SHA256e6c8599ab1cc02b225362c3b5be5271c568d1d49b65fd4d07fff0a9d2f5c3c41
SHA512e5b813143433f9133c777af20db5d506ed9a4661bff39512c77a82de673d8074c95658f930dc09620ec85fdbfe5111bb1692975de4c45bfb63a6bb7a0cf11b77
-
Filesize
192KB
MD55324d19ea19d492bcb47bb2f09b45b27
SHA115de6253d048b0c9a0dc9d267914b59eb7bc308f
SHA2567be9c1d4fbb9245e1d500ea4feb5a901cb5334f108bf155ae947761db1b51ad8
SHA5122c9bbc5d3c0c7eb407788fee1de147f7e8f053457aa7c88c78cebae87f3c0b8d3cb873d6deb3f085ec6353943cd8c651a93d87aef4b36e591599428b4e460841
-
Filesize
192KB
MD5485d55f49dc8ab90a8fd0b28340bf565
SHA1f12c6dad6cad8665ab995814a0cd62f56115269a
SHA2567e0ac8fdc4521498f646a4626301c2a96f07504444746908b173fa7547e8723a
SHA512439905fd28c7d8059f40cfdd010cc2baa037d5c44490b8e86cec1592e7573b19c8ee0fa73333a9f2cd82eb619931c88f5057396da16b5a55dc340b6a662a18a7
-
Filesize
192KB
MD5daad8eafa6b0f0a2e61916505bc3665d
SHA11008641a24b8d4083046d4d04badf5071fd7c6d9
SHA256f43eee65550195db71576b1e867a848f7955a4ab53268a9c7a1bb1b0dd32620f
SHA512ec367f55be12884cfc268db26d576b022f6afc5e98cbd1b5fa50772585a5abd3f0754227076d5757b504d3b5ac488f2810b9d7332b0dd5ccaf69472299db3e28
-
Filesize
192KB
MD5ef36a03251245749936b60810cbe6955
SHA1d6874e2c866cb3003ebf084d80187bac2d9fd428
SHA256b61490f2d9620bf5bb3788f36a6d86075c1e224761fa3a7ab00371b6fe68fffa
SHA51257dd82e7cbb01c1397558503f74d3fc8fc24aa278b12fb13d472ab939cc9d11b5a536fe6f7d322c0ab013e7da80342674e103dff1f2e406c7ff46150281173cc
-
Filesize
192KB
MD5b631724ba8b5278d0729ac8911a699e3
SHA13b3ce86b6ee7e546d8657037a93f82c860112755
SHA256205fca8b6944e184ff2fe2341eba1849a77994e2c302f09151678f838f17543a
SHA5126a2eb02f2e9688002cbef0caba66f74744c8bd8b0ea95c7f5b2ffdeb70851bac467d81950e463be0cae9a18508316737eace07d1bd4f298441a5c227d6a94439
-
Filesize
192KB
MD56cabe21150cb2a4282eb2f807d5dff43
SHA133b7a736bf79dd94a53a85de288634035c15c434
SHA256c61adbc7d2f966c9689af1e0269adb141f362f34d8c85d2b6983e693abd3bc65
SHA512c331923d11b40220a7d8bd57809a2fc3003ef33f8128ce2fabde6bf69eb29fb25fe00e19368fe80fb28291324b614f5d43958a085e1a45dc4682088e57ab89a5
-
Filesize
192KB
MD5a95a1c41e5c079c2b0f5205702efb964
SHA1853b00ecefd53b7c06c66fac54274a201a7a2f08
SHA2567eceabc954b7597bfaedc57f157997a44633de26cda7293b4a2c48d82e0f55ae
SHA51239bf7fdba303511e70503f70d469fdb362576cbd222e462a8d08973a8f5305c691815ceb357edd8c323757f73125f4b71fea3972799caa43f3b1a31a62410172
-
Filesize
192KB
MD51ed54cee10c7942b2214492970e3f423
SHA1fc1ecaa80812c0668ed8510edcf28f34f26a6363
SHA25605e5248924fc88afdf89153b8229b7ae27c5b0676ba62e55166890ae1d24ec55
SHA512857cefcc398e776767c31575f294a2f41dd10f875637d320375b742462e00ef4e5048f1f73e2bc31ee328c497820400e539fe2c393c96fbaaa06cf398b66970f
-
Filesize
192KB
MD5741f9af1e29630a6d5e2999bebae1dc8
SHA161977462c3ec432c80018246165c7a08cb15727a
SHA256e6bee488300cc9420fdead859332267ef85423b402a721cd6f0e440cfb8f8c7b
SHA51290893db285757c2ef8462d611d45f68c18724fe3a8a1693f1a9ad5952de3f05dbcd27834e6f5d8f18b59669416ec198892f7e48039c0159bc0e69981dc3fd935
-
Filesize
192KB
MD596f7daf646f262a63dff601fac1e3586
SHA156e9a5f3c029bb05664b7829b9b91afb278c4fa6
SHA2560e04d1bd506548a19b3e8ccfe5e92c601a8bd40752c265a2dc9748fa9df0f84c
SHA5125dbc367001ead6ffae2c80fb044923626dc5d4bc0246449f732b861f297844b1c47762b7743f596d31cd5197541ea63bf194c2e1a638546a85ec28a293e12b35