Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
12/01/2024, 06:06
General
-
Target
2024-01-11_dd816c40ab071fe0b14936c3bf686693_goldeneye.exe
-
Size
408KB
-
MD5
dd816c40ab071fe0b14936c3bf686693
-
SHA1
a37e43f7b5a4e1b7c60c6513eba806bb0c386690
-
SHA256
1c38a40040616f37e5e4110b97c39f499153a8df9b287ee5ed76fb253fb8c4bf
-
SHA512
9286dac0d146a115a33a8e26d11baa83df139213cd4fc208f06292ddd8cc5be69749de4092f7b48074460e30295e135daa3460481270643298c9174ee61ce157
-
SSDEEP
3072:CEGh0oIl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGCldOe2MUVg3vTeKcAEciTBqr3jy
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-11_dd816c40ab071fe0b14936c3bf686693_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-11_dd816c40ab071fe0b14936c3bf686693_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BD4AA77C-5F75-40d7-AABD-97E49237459B}.exeC:\Windows\{BD4AA77C-5F75-40d7-AABD-97E49237459B}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BD4AA~1.EXE > nul3⤵
-
-
C:\Windows\{AB484B31-EC7E-4665-B198-B27A1BF5884E}.exeC:\Windows\{AB484B31-EC7E-4665-B198-B27A1BF5884E}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{265ECC76-86A8-46d3-A578-C945D595650F}.exeC:\Windows\{265ECC76-86A8-46d3-A578-C945D595650F}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2E059518-C8D2-476d-A214-5D037B986938}.exeC:\Windows\{2E059518-C8D2-476d-A214-5D037B986938}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2E059~1.EXE > nul6⤵
-
-
C:\Windows\{9DA6E640-B317-4aa2-ACDA-3159CE5B60E5}.exeC:\Windows\{9DA6E640-B317-4aa2-ACDA-3159CE5B60E5}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8D72C364-D3BA-48cd-BA05-F5EA1D47537C}.exeC:\Windows\{8D72C364-D3BA-48cd-BA05-F5EA1D47537C}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8D72C~1.EXE > nul8⤵
-
-
C:\Windows\{6B39D748-B2D4-43bb-A09E-89DAF3295C00}.exeC:\Windows\{6B39D748-B2D4-43bb-A09E-89DAF3295C00}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D1DC989B-E0D5-4658-8FFE-39ED2D44620D}.exeC:\Windows\{D1DC989B-E0D5-4658-8FFE-39ED2D44620D}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{348DFE5F-3F80-40cb-9B01-F6302B344C6A}.exeC:\Windows\{348DFE5F-3F80-40cb-9B01-F6302B344C6A}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{348DF~1.EXE > nul11⤵
-
-
C:\Windows\{E4B4C901-7F32-4ed5-9B33-470FD0B6FA4B}.exeC:\Windows\{E4B4C901-7F32-4ed5-9B33-470FD0B6FA4B}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E4B4C~1.EXE > nul12⤵
-
-
C:\Windows\{2D171513-864C-4093-A03F-122F4CE30710}.exeC:\Windows\{2D171513-864C-4093-A03F-122F4CE30710}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{7F755222-B7D3-4ed5-83C3-4DA7C2AEDA70}.exeC:\Windows\{7F755222-B7D3-4ed5-83C3-4DA7C2AEDA70}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2D171~1.EXE > nul13⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D1DC9~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6B39D~1.EXE > nul9⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9DA6E~1.EXE > nul7⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{265EC~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AB484~1.EXE > nul4⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD594092dc9f116129adb0112dea3c6dd66
SHA1aa853dea498b05f9c55be179fcaa3a6196db86ee
SHA2569e00a2a0d0e14ded6e21453e2a97cbfbee819e196f20850ac2627cff1be4f247
SHA512f885e3d77b0177e59cd67c034f371b4d084687ed0ab19e8c3830ced2619e7be6968fb5cb5226b800fbbcbe140a93052db603a28cf6c1235a34997a3c88b48ce8
-
Filesize
408KB
MD569a7413bbb03206c69d8d446c81587a1
SHA1c1a345fc8ae525f00303c97e3ac41cdd5183f70d
SHA256c731ae9880acd37869441e609444b3ce772a93d5be71e93125cf3792b9425724
SHA5123132780a2e14fc7cb1a2f088f1e6a42e1dd0c7d1b66f722b5a868f4e22c14ef1cae31c250d222d2ab1670bc52ad7ceb8ad5c539333e686a06f4bc0ff0dc4291f
-
Filesize
408KB
MD5b31f3cfc191b9456db65d41a7aef183b
SHA152293c3b38b3f128648208dba2ac63286cae07b7
SHA256c5d9befd23b060031e55d4e2b879662f2304193a516c3c68087a72243a22188b
SHA5128530ff1bc0cc0e989a8ca8e6c1f59e172c6f0ba54a68447b21c902ebf94a6f12ced2b375510d8539cd2ebd3f38880e12574221efd3fa4132d890d799fb935f1f
-
Filesize
408KB
MD520a2def57ac96554725b25d3c185f278
SHA159907054c387729701840a82aa59158f4bb04c78
SHA2561ed8c75082740cba9fea7aabe45e795c23fa029f973749239adf91143e0c8c32
SHA51206bf6e77108ee6d07b73462d98e301c420e78008e2a5ff592dbdb3102596089b3850dada4c659740e61794f1d919481d96cbff93aa79aa3a23f6fcbdfd5ea27b
-
Filesize
408KB
MD595cedf883d9575a4a28c0c51b7d0de0f
SHA148fa9ed49d75e3dc9326ecdf8a29a6676a963198
SHA256173d0b2467f60562f53a081dbfbb5836f39eeb8e50bbc4cf6205956b5b4e5da3
SHA5125fc9e7de39f02622ee45074a166984de0c178d41f75122d1d19d677ac682f94d6a67c48dfcbe90c3f882c9af0a467c0053a49ca08451e7f5c89fffa11840b5db
-
Filesize
408KB
MD51bbe12db89af604b2053ed019e80e544
SHA1baa52e91f0c54e290de9f249b3927395098478c1
SHA2569960fce94ef74d792c43c6c9947ae359203c1a8e21372c97182bb8a66214f120
SHA5127731410a9348993104c15fa8463a99970d91b4934333e72d2356a962133befa448429a53b16c7f4934def76409be306018bef94ea3f96cca3a1b0cb38cc14feb
-
Filesize
408KB
MD5d28eedb2b0848aced0fd5f0e24fdb081
SHA18baaf79946275c9b76e0e58d0e950f1cb1b4b2ca
SHA256c86187b718ea92b132842337ff7af54f3f70aea2b4181d046f17d8afa58be1c3
SHA512f87ce1af4aa65807b4b43beef3f866f162d7612e14478f6944534651ebb2f968a3d159afdbc7d73c2e58e3a87de86d4a61c577504f96f3badc1d77b3465e24c8
-
Filesize
408KB
MD555c866301fffeaefcaa8ce3f59b49c16
SHA1e9872da1e2b9af230ac720bc953d255586805473
SHA25618ebb71b20b5d770d005f70048bceb92c1a9eb36d4e11216cb2739528d91e8b5
SHA5128ebc9673c73adb5416c22ca0a5d904aeeafaeaacba403d1cfe7fb04337cfe004ed41b6121bb167b20dc7f5ecaef84a1f3c3ac55a6f85a4fe825368a5d22fca59
-
Filesize
408KB
MD5480c56dde86b877cc6e8550f35d0b238
SHA1858e5c9a9f6f5f0a59e85bf5d61f5dad7a51a19a
SHA256fbacdac5324b12127798f35089e2aed4b8423561baecf7134314e0e3d2a31a59
SHA5128f7af61b7db595f20b28e8b33013ec3dc533d26da0d967b564c4cffac7fe52cf6b015bedc60fe8f18a7acc5e6420c5d362a44fd5dc9761b3b9a484649fc50fc0
-
Filesize
92KB
MD57f18535fdbe409bd4b6f19ac088025ab
SHA1c8444c942ab2c6943d3fd29b787d288ddd517314
SHA2566d67d3f46059022e920ebf6a645485f08b7da6a50fdab18aa5dd0ecce41d39d4
SHA512d62c938fcfd024854ae6f00c4e1671320c7be8186e386dd8c9f6ee1fa972f436371da03648030a04b26a34ad8c34c41da17b3816f7c66d9a897e2c94c422251f
-
Filesize
75KB
MD56d37928d42df84a721552408c20c782d
SHA1ecac86236807c3e8005093c09b808c116c2920a2
SHA256e2b6327f47326727d1df534adee01ac3b5e6cf0e6795adadd5900eb2eeccd401
SHA5122187801df71cd6f3c591d863ca974045ea06c552360f48f3db4492a248c5b72cc0733b3f7a46a2adf115ce6ed92631bb9ee9dc76de6ae1bef577e9eb645caafd
-
Filesize
408KB
MD58e4d6828923dc9814d619ec88d88a218
SHA134f61e1d26ac904d19019cc63f88f9006de1bb06
SHA2564372ecb4c40e1c756b2fc344ee937aad08ab9fb2b6b5a03d25e20b27ea37eee3
SHA512454f7d94d4e561dc9c46eb2940406b11caa306c41ca4aabe47639b0c261e2977ea804640324fefd5debe7dff1659204ad50c5a4955c159eaad25904fada32146
-
Filesize
408KB
MD57047590aeaaa9e5c28b93b56b776c999
SHA14d56c7c370e9c43af7ed7100c21cc176a4f57444
SHA25630cd77cebf90bc18e2148ee7bb71cbad13b30643f0c559950faff5ddc448d5d5
SHA512d9b64e065b6894880e52ed63459aabd2fed6cc34608667a5282caba3b12c5eaf7503fc9a68a82acf74a24c31a9ac8b8ba3e2708503a0d02e58a2d6aee1f05f18
-
Filesize
408KB
MD580ac005ffa354c95ec04251e97945d9d
SHA17063bd588264497a7a315e0d9f77e32d16762e49
SHA256723c0cb9bd961f91560cd6b532d2f2c8630a8982fe1a6c132ce20c7df408ff10
SHA5122958c4e75790a0fd9b4b1ead0bf8f72921b7dfa8bc6706ce15f713492032875a1e34ace23d01f376e2146311219aec8f36c624a21518664e727ac7b169125203