Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
182s -
max time network
161s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
07/01/2024, 12:18
General
-
Target
2024-01-06_eae1bb9eb676d1d0056da791d0bdd39d_goldeneye.exe
-
Size
408KB
-
MD5
eae1bb9eb676d1d0056da791d0bdd39d
-
SHA1
118639db3f6a16fdb9b82564d887e1c25f5c8d0c
-
SHA256
69eef9d6d7cc8fd03910763b4b8ff60d0c75cb4cb8b9a14d9ee8fd2f0abcdffb
-
SHA512
05e32d9b5c66ee7ee7c217a36c4f94dab237343f5455379b016b717f57efabea1e8d537f4509760ffdff5eb15ae62f481c1a142a9566fb4076fa321d74db82a1
-
SSDEEP
3072:CEGh0o3l3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGBldOe2MUVg3vTeKcAEciTBqr3jy
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-06_eae1bb9eb676d1d0056da791d0bdd39d_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-06_eae1bb9eb676d1d0056da791d0bdd39d_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0E438894-F6AB-4288-8D04-F3E923919862}.exeC:\Windows\{0E438894-F6AB-4288-8D04-F3E923919862}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D32BFAA8-77A1-4a37-9A5E-092947CE4072}.exeC:\Windows\{D32BFAA8-77A1-4a37-9A5E-092947CE4072}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{539B7BBD-FD92-43d4-8902-CD452F3ADCA1}.exeC:\Windows\{539B7BBD-FD92-43d4-8902-CD452F3ADCA1}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{960A00F1-B714-45d2-A083-C48EA5817E68}.exeC:\Windows\{960A00F1-B714-45d2-A083-C48EA5817E68}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D7FCA5B2-8A70-4680-978F-333490EFE2E3}.exeC:\Windows\{D7FCA5B2-8A70-4680-978F-333490EFE2E3}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6281ACF9-7669-477e-8618-748D2E45FB3D}.exeC:\Windows\{6281ACF9-7669-477e-8618-748D2E45FB3D}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5152D62D-0F23-48ec-A9DC-A7457264EB06}.exeC:\Windows\{5152D62D-0F23-48ec-A9DC-A7457264EB06}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0B7491BC-F52C-4eac-8C6D-018AADE617BF}.exeC:\Windows\{0B7491BC-F52C-4eac-8C6D-018AADE617BF}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{4786CBCC-F6F8-4967-801C-D22EDB86D5B2}.exeC:\Windows\{4786CBCC-F6F8-4967-801C-D22EDB86D5B2}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{6F4312A0-A48F-4f4f-A1CA-1858E8E44D85}.exeC:\Windows\{6F4312A0-A48F-4f4f-A1CA-1858E8E44D85}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{7FC888DD-A4F9-4b93-BFDE-4564421A1FD8}.exeC:\Windows\{7FC888DD-A4F9-4b93-BFDE-4564421A1FD8}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{3873DE7D-8DC2-44bf-B469-1E11046CEE72}.exeC:\Windows\{3873DE7D-8DC2-44bf-B469-1E11046CEE72}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7FC88~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6F431~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4786C~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0B749~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5152D~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6281A~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D7FCA~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{960A0~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{539B7~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D32BF~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0E438~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD506d5771c4708500b9edf82925e27bd4e
SHA186059c2b8ee0f98ef8ea6ce9086265e4237026c0
SHA256658d9fec59f8a41ac9c2e775c2affec7aa51b729ec7239518d6c5a5439749b34
SHA51295a20f4f95e3d944d34ad514d524d3c272a9675e8949dc0a4641df7d444e25d5dc2679fef0efa220899ac155903481c654930bcfc9c8eaf666b24ad40e8f70ff
-
Filesize
408KB
MD594ef0cf910e54fa87bdb7efb81462b8b
SHA1c27da597341f8e374473b6818737abcf2e712354
SHA256dbca9edea52586c51abe136dc143c20a771de08ebd65f067f2fde4b19cde0a65
SHA512379e1c1aa65d8a081a8b6c30e1ff2ccb533bf65053a6413731ff2473e63c41cde2cf56bdc06f1dbc4feca67a43c7c4a517c0cb7121fe86bbcbefe617054bbef1
-
Filesize
408KB
MD5f0b46496c8b9d7ed69564c9598cbe4be
SHA1e8deb49db1c440d93c7e9f10887a51ce88d9446a
SHA256e6204dda87fb1f54b67ef2329d748284b4c88aff1e0eed45db101e87c81e2d3e
SHA5125d47fbd2e246e9590582824505543545fb92b4176624f0e042fafd4115e33871aa86aefc3980f5d7d7e911b0a13b5581eb2e294453e8134b2a675a722d1a4abb
-
Filesize
408KB
MD5169ebb304e317fa6ebdf2082587faa45
SHA1361437f91ce4e2229f652850238b2d51f925ea33
SHA2565867b6b8796f1d19d42935e04ac2d0436042ded9921b20911628599a23c61cff
SHA5124ca6c3d42c40043eb1ccbe06e98eae71653be99f59a5600ba0d0def49b381dab8fcb7060648643215c340cc46ebcec02bf4b9bb33b5c84fb1927b7db422b45b1
-
Filesize
408KB
MD5b462cf29529b7c66ab2f902f0016ae1c
SHA11a9f8282b06d8b64e486b2d0bf6a0a3ffae69e63
SHA256257b79adafe3ccafc84d883aab02c5c523c755344e11c0ac0d59311a716d6dce
SHA5123a6853555e616b9bb7a08ac8c4e22f1af806138fdf7a9f2af7c14d0a52d0169d7a8d3ade7f6777df250361dc2ffa50bd512f1f58cb62d5eb26d8529562af912d
-
Filesize
408KB
MD5352963ddac8f033bd4a67b26066cd0a7
SHA1340cab02b9e8fc1bb2a5982ad4eccf39aae50e36
SHA256f4ca6fdd2ec67ec1ee4601c8c8ae3a721a567ac74b5631d4659810dab6ceb872
SHA5126b11dbc53f368b5354a5869df6c4e48b662686ce4df8ed17a8e5a1ceba57f1410c262f5c76e284ce7eeb8844d6c6a72180e6c635b3627d742a6c2f9ed7a375e8
-
Filesize
408KB
MD506246bc0daec11d85e324a7ac5642abd
SHA12c6ed220b6cb373082216ca11806f8d5b495581d
SHA25615a5bb1c8b4c6a9cb7f62c0c39d656552122edb8537a102529bfa9e5653e0d4b
SHA51219f6b776fcb44fe3e09b4c9ace7439eaa822b9a50567bb65e582e2b9ede532193db20021440a2b55da26f8dc43e7e595a4a5d7849bd1640b2c87ab7c3cbb9e11
-
Filesize
408KB
MD595a057cc685d206172df71ffced143cb
SHA187c7464effe6d2824109b8d7826450bba78a4bda
SHA256c1e76519f1baaa1d4f8a7eb43ea4bc50a9158d61400e50cffca6d7ca4ee0a6bb
SHA512fa189fd65bd679a43935e27a81796b18c9ce43f7e13dfdee30f7021b01c52a57a1fbd7c063ecf2e85ed1724a06b5f357410f1070ffe0a4d592fa2a1c37abb2a3
-
Filesize
408KB
MD596714f4c7fa07cc3473b9763d26707f9
SHA138eff0374e04eb356d3b3514ad8780ffe2b487c6
SHA256e5b4b34368cae01bd21af174bcbc2d15d9c8b6c65bc72a29d114d663dd180838
SHA512614cc23a25e0564202ba63a9f7f7ae234fa7e27595b0bd9928028c4ca672967077afbef78e42bcbe379a78effa0b90837ccc9ea8334011b7973b88049553a273
-
Filesize
408KB
MD53aa094bfd6b502018b945e4ce7644b95
SHA139ad8d78cc550d4d7982f725fabceb0cc7e0b4b6
SHA25660377df9c8307b9867dbd2ee9f2a095e9ec185bf9394c794af57b1eb891baa15
SHA512366c305c6cc6b2a39faf65e0caf91c0a3382fbeb2f7adc39013017af8ccfb2fd024406aec410e9403e233bde6575247d80569157ea0968df6e230596272087e6
-
Filesize
408KB
MD58faaef8c0ed0baee13b349aafd46c3db
SHA16b8cc9197c9774a3767cfb1a144cfcba18a30869
SHA256e4812278b5b3e0bd4ae9ca19e95cc02d42b498f56a21cb3526064438dc5c3849
SHA51200da04b6aa953b5bc5ce42d9515e6e37e04070f08092cb77fee600d9a6477fa87ddda0a46cb5e436f8d34dc9439a037a19536a82eaa93d434a7124a0f0df8476
-
Filesize
408KB
MD53dcaf5343652f111e041e736397d808a
SHA1847259cdc419f99375adb16127f26b4906ccfcb0
SHA256f1f7424f0c0dc4d7b5265cbfd4477ca79b9c0f8cdd35014a1ec3cb5cacd9b2a9
SHA512400eef3ce1e5baf5d8e23a3a04ddb561a84159d5646af7c7ff8e211feb58ba2395eb668960abd7a191f36f8c34410fd3fbac20c45a28ddceed59d9e98a24e373