Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
07/01/2024, 12:10
General
-
Target
2024-01-06_610fd0b97bfc22aba237692f9f90ea85_goldeneye.exe
-
Size
192KB
-
MD5
610fd0b97bfc22aba237692f9f90ea85
-
SHA1
458b6d6473e14b3e74128d3f3617f39309aa74b4
-
SHA256
6496ff44de143cdd4eee2d6e53b3b199d5ee0f4085d63b441362d16cda0f495e
-
SHA512
d0bb484bf5035cd83396895d7026359c82e44062e843251474de776db76015b057c71554188e2894b19774ae71f3ad0f63c53cfd6e9bd6ba81bc527317032594
-
SSDEEP
1536:1EGh0osl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3H6:1EGh0osl1OPOe2MUVg3Ve+rXfMUa
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-06_610fd0b97bfc22aba237692f9f90ea85_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-06_610fd0b97bfc22aba237692f9f90ea85_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{438A48ED-8EB4-4349-942D-13A9EBFBEE4D}.exeC:\Windows\{438A48ED-8EB4-4349-942D-13A9EBFBEE4D}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{54E900E0-AD7B-4402-A6D8-28E60864AD91}.exeC:\Windows\{54E900E0-AD7B-4402-A6D8-28E60864AD91}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{54E90~1.EXE > nul4⤵
-
-
C:\Windows\{95CFA99C-FF89-480f-BEFB-8BAD457108F0}.exeC:\Windows\{95CFA99C-FF89-480f-BEFB-8BAD457108F0}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3BF558CC-9163-4d2d-B0A6-42BA5194C3F9}.exeC:\Windows\{3BF558CC-9163-4d2d-B0A6-42BA5194C3F9}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B7F58DCA-3490-407f-9CA7-086BCCF79E46}.exeC:\Windows\{B7F58DCA-3490-407f-9CA7-086BCCF79E46}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B7F58~1.EXE > nul7⤵
-
-
C:\Windows\{F9BE1469-24DA-41e8-A1F0-36265A2F6098}.exeC:\Windows\{F9BE1469-24DA-41e8-A1F0-36265A2F6098}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{69ED0FFE-7631-470a-BD99-64B1F0ABE68F}.exeC:\Windows\{69ED0FFE-7631-470a-BD99-64B1F0ABE68F}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{00256D38-1776-47c4-B881-F78C973A2F0F}.exeC:\Windows\{00256D38-1776-47c4-B881-F78C973A2F0F}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{702547A9-5220-48a1-A253-B9FE8F5A3DDF}.exeC:\Windows\{702547A9-5220-48a1-A253-B9FE8F5A3DDF}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{1FEED0CB-CCB1-4a53-9543-F8CA58517977}.exeC:\Windows\{1FEED0CB-CCB1-4a53-9543-F8CA58517977}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{A35F8BA7-B550-49c7-8857-3CA3443815C9}.exeC:\Windows\{A35F8BA7-B550-49c7-8857-3CA3443815C9}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1FEED~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{70254~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{00256~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{69ED0~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F9BE1~1.EXE > nul8⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3BF55~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{95CFA~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{438A4~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
192KB
MD5d71c83c750199e9005f55f0de8def508
SHA1aa2cdcdec28f24fdb699d59e24476ee7b73b82dc
SHA2560d3483ccdebdc67b548c76705211304c27e1156c90dfc0ecafb31c91372e37a6
SHA512c204f555608f3c2d486499aed6b6ae3db8b0ca79fc1f3973202453d0e79b992050d6c6ebcd97fd793589084b2faf6f2b009b2a33783bc145e234ec9447990c2b
-
Filesize
192KB
MD50e0d1ce9907e075e75cc6d0d4e3799ef
SHA153e6f55d03921445198f68c6b3c7e53c2fae00df
SHA2566309d9e5357bcb4ff240e5b9f9f9a46d3f6b712e15dabfa61efc64cb41bc38c9
SHA512c049117d9d227d44193c12df0e4b3e3f4f700d19aef0267de8e8caf223e8511d12038f90604f054d451ed7db794feb1f546293269f3beb810998ec07395622b8
-
Filesize
192KB
MD51e22433963d593d7d09d2c5bbd73c30e
SHA1c84ac650406812b068fce3de247648178c4d9c15
SHA256e095a49f63212a769929303faac3ccf7cf7426cca4877e9beec323ba9cab58e7
SHA5123dad53416d8fa3a2b8ad1161a09581b8618c89f2989ec14f1158b61c73fefe9869953a39e235c08da5d9f52b1a262f374eb24b3cbc08a45cede897d1a3b54b3e
-
Filesize
192KB
MD5429248eb99efe6463e5ee7021031e1ed
SHA18045b6e9e9f1b51bb9357f090adcfb926bf9ec0f
SHA256423e1a31965a4fa1e39a3f0ad417ba207c7a729c7754353b87eb3acaec3beeef
SHA5127be86ff43da74b23a4ac457778007c532cae58f41234bc0dcd1971350cea7f84b11060be63e6e54da4be2d2c73743470caf1857cea91d586a5ea54c4be61593c
-
Filesize
192KB
MD528e5cc7753ffdcbb00c6140b19c3541b
SHA17e0defeff5fb9f8d1f78e1a457dc13f216e59ee4
SHA256c59ba5fb0a0b0cdc599bdf07457d4bff1cdbae3465bc183320bc8cbed0de5f3f
SHA5125ad5ce0465124d46c7fd924919d7b3df28113b6f3a08ae572ef289c93bec0771ded1d3434bc1a1823c39e282cfe1a020d8d923a225464b0e0b4545390f83d679
-
Filesize
192KB
MD52797ecb718993516c63b4561f0e78a84
SHA11b92060d475002b6be5e9a74a5bff0100bfc08e5
SHA2564c3e44e8f9f26199b2c0404836c66fa5f021568d25548c461cddb0dbbc22b37f
SHA5128f5cb14f3e464efece097219237375792f16901090fbc909e0e93bc3e52aad48293040647bd49a72b166013546cc6a130834595fcaa46df94d23802cefeec9b6
-
Filesize
192KB
MD5dbd01449257313c49e2d8621f9a1bf67
SHA1cc0b7f184e9b74e1b5a3b473b744758a3fd15080
SHA2565dbf2c6897c1fb4bedb26c5090cdd222a5ea30422bbaa934b9f605eb446cf971
SHA512b8733137228a59b4da694e9f4e4cc698774843499409b8a502932d696f46e89750edea72492f9d75d0f9ef1fe9d3d20b984472ef4fbb106e7f73ffd4eb07ef89
-
Filesize
192KB
MD57a9ca840e54f45dc5e99a2d3445bcea8
SHA17e8cadab84f6f9d5f08e09c60c33b9f5a24555d7
SHA2567b7b9bb81bdb0441056bcf1b198370cd388786c528bd07a4680f4b1eb3fe40f4
SHA5122fdad372ee4707278eca8f8ccbe58e580e0f8959c6777e33e5edc97900d2effffda10d344551a094b3b17886a2f7d385db456886437564876f698fff7369cb26
-
Filesize
192KB
MD51128948548d0a1ca678461e6d9f179ce
SHA1ec0332ea268d6fcff5611396087abf3f6de3c567
SHA256e486018a9b503ef99c7737d7dfccecf35047b20d4a7833fe03fe02d03b935c84
SHA5127c6e720b68dc6f29a7ba442ef1719f213b93c7ec85abe15d69897faad98d42050030d9308cc2f3bc4213811669aef034aa6cc3cbde6b3511c5913f1a785af862
-
Filesize
192KB
MD5f3467f76665d4d7f37b67f78a8aa5540
SHA1a8c10ec0b4ac440726bc64392150a59d4743fd8b
SHA2568c0f2af2cf700d0e686b0eab5785e89c3f9d8c79532b246d87941094d49e97c5
SHA5124517b63c9b143f0a530d2e45537b2d42318cbec482cc5eeca0aa7135f88651c1f9a6c86d3d3b80b123422c277220ba047fbc267da02d731a8ed86eb6320a3944
-
Filesize
192KB
MD54791e2eeefc7783508e2be7a91422f6c
SHA12a7dd0e4fc73e534b1d3f52dd74dc6d7c3b570ae
SHA256eefcfeb688a67d094e664664644970e8b0a0bec96d14cb7fdd8e36bf2d416ac1
SHA51247d73f286e99bdb6f5f22ac30d6e957e403844db942394d32c5dc9955d76c0e74897295a47bd0cafa47904c718e7a821f57e0a565d1b6b44cd3b0ae284f6749a