Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
18/01/2024, 22:36
General
-
Target
2024-01-18_309589c06a00682b259f27c71d503ada_goldeneye.exe
-
Size
180KB
-
MD5
309589c06a00682b259f27c71d503ada
-
SHA1
11f79ffc3e7c67c6380a7bdf397ccdaf0c273179
-
SHA256
08e17fb8c4ad78d79d50fdda2d4415a7a62a07545ce92bf7125d0ab04676788d
-
SHA512
6fd1adce8a1a12e66f69661ecdc6249b29317295a58fdf19f4bc9ad3d5027c4c4bd2a49e65be1c7dd432c6aca962cee086b289304beab6bd03755a208ed4f34f
-
SSDEEP
3072:jEGh0oIlfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGql5eKcAEc
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-18_309589c06a00682b259f27c71d503ada_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-18_309589c06a00682b259f27c71d503ada_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A9FCF504-C8B6-4861-9013-A0C3C76FE448}.exeC:\Windows\{A9FCF504-C8B6-4861-9013-A0C3C76FE448}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{25D82104-7806-46c8-9ECB-C620D26E101F}.exeC:\Windows\{25D82104-7806-46c8-9ECB-C620D26E101F}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D5717373-9086-48e5-85AC-E012C5F9AF6E}.exeC:\Windows\{D5717373-9086-48e5-85AC-E012C5F9AF6E}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{623CA876-13BC-43aa-9469-FA1902EFE066}.exeC:\Windows\{623CA876-13BC-43aa-9469-FA1902EFE066}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0B1FEB70-567D-4b98-A069-59DF32303158}.exeC:\Windows\{0B1FEB70-567D-4b98-A069-59DF32303158}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6EFFE931-EE0E-4871-AF06-6B6A6D58557E}.exeC:\Windows\{6EFFE931-EE0E-4871-AF06-6B6A6D58557E}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{06C1262E-AE62-4f50-BBBA-BC6C781A0EFA}.exeC:\Windows\{06C1262E-AE62-4f50-BBBA-BC6C781A0EFA}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D7D38B3D-39FE-494e-A77D-D9A7AB176CC8}.exeC:\Windows\{D7D38B3D-39FE-494e-A77D-D9A7AB176CC8}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{4CDE47E5-11DA-4d29-A865-37FA2AA27A76}.exeC:\Windows\{4CDE47E5-11DA-4d29-A865-37FA2AA27A76}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{F4ED2CE0-D1DD-4291-B011-A64348D255D2}.exeC:\Windows\{F4ED2CE0-D1DD-4291-B011-A64348D255D2}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F4ED2~1.EXE > nul12⤵
-
-
C:\Windows\{79A52536-E0AE-4a37-AEBC-B14D1E48A0C6}.exeC:\Windows\{79A52536-E0AE-4a37-AEBC-B14D1E48A0C6}.exe12⤵
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4CDE4~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D7D38~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{06C12~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6EFFE~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0B1FE~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{623CA~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D5717~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{25D82~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A9FCF~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD5f66fda2bf8d41e179a07e3edc74a0f34
SHA16df53cd8f70d2a7d327f8a3915dfc624f73845a7
SHA2561fb602a8b64bb160c7bcfb721f389efd0d04c7a6ad117e233155976ad633ccc5
SHA512e789229de67d016f069f46cb1646f1f03a6e10cc7eef11353e1d2702d2fd8c17ffb8493d6c1e9e333bfbdf65ced9ba1f88ecae9beb88f61ce8087b564e2a257a
-
Filesize
180KB
MD53c57fb9c53b47453eefc98228c1cab16
SHA1ba6ce9bcd6e88c8ab84c5b543a09118573cd5622
SHA256d38a6dac72c7b8d4e00533ca436b7deddf5ac0625708259942b1efb173cbe42a
SHA512a46b60f4ddbc4e2c790f1f5a2555b4836ca925a62fc7fb5b42df7c84b49989f57af2bcf7d2de8fda4a4037d1dce4367c608edde30fdb94c287c591077f630fc6
-
Filesize
180KB
MD5e5ef94ae487a6afee0b0e6f5f4f76bca
SHA1b64f01be843588bcc712e7df46ebf727d66f4eed
SHA2565ad294ca0481ec25829eb40dcf387fb3955dcb52e5466f48edda3349a6865bd3
SHA512facf41bf05410081b1163e87afd2752abd9bfd951992d3021686904b31bf0079e36e7c8ec2260e116edced556546e61063c046d50467ec2281c7fc5aed40656a
-
Filesize
180KB
MD5ec70ea47c351a5d06cee9093d98d2232
SHA1c05651f1ca02c306337d03f6f7047b6269fe6855
SHA2563932e75fc48db254edd5cc96b52c706a10608bf4112ada40ee435ffee4593ce7
SHA5127679ba8050b43d332db3c6e324d09f7c97d774e422f207556318b4721dade4a884b82a382112e826bc9e59d4ed29ecaad352342f5297693a038dc0c14de396ea
-
Filesize
180KB
MD5dde6d6bc915e4cdf1987cec2de9f63d3
SHA1451b83b3b09d32337c37011aff086eb5a6be41f1
SHA256638473e076b961b33d47750e8741e6c31cd431ea1175b6c8328a5d2b56f67f6f
SHA512434bcc19264935c3a6723804ffc24bed75f1d19efb03d9fb2276558deff9482f0471ab0681b670d1c4b529c5785397efb0c46fe5d563933e8b673b7d798410d5
-
Filesize
180KB
MD55bd48cc7aeb7f9ecb1563e3a5bd2bb72
SHA107b17f95aa91e577275ac4391232e3e0029e6f9d
SHA2561d0240eb68fbff1d83c4d40b4e05bfeb65fa95ff0df7c04f950338894b135fe1
SHA51213b76a1e475bb1b8929cefdf883bce4fd2477e16b5ace8cd14312dec1bcaef8d660ff5d352833926158ea7a92bbebbf3de256db4fc8dc25f9b18987e79644bd3
-
Filesize
180KB
MD5c7bdcefacd3f6f7d6bdf4104d03d09a3
SHA1c866d40e73d411c2949f6916b54e28e1ae157c49
SHA25622b795f6e568544d759c6be563126b1c107c3b475f7b69b2843cf0d7cdba6c8e
SHA51212c4dcaeac0b8d4114934f7b834894cf409fe43fd18e649e42f74fe0628f3a9620cf58979d90ba40ad127b4b5e5af9a17873c1d34ef0896f7286dcf0735603b9
-
Filesize
180KB
MD5477c16fb55b80869660007bb05ee5b00
SHA162ce1ef883e85e5fe0cdf760671f945520d661b2
SHA2566000d780fdeb21d7538b5403b54a223913e163d9b503641458845da1fee0e616
SHA512e7b4e921d0b4fcc55961c08e6565e3db4978526605d736d3370f4e255a0ace49a8eeca379c11b4ecf0927819288d6540d55f782532a5d6d32f7d245f4084cdf1
-
Filesize
180KB
MD594136f04bbcdeec2c8550b9d1733afc0
SHA1f0e2602447172bbd8a54ffdf266287f16e98c2c8
SHA25697bc2ce76f2e5a8814535e59d6118e9f500b011400719f5e0358211fb150bc68
SHA512eaca4a645ada2b8a858edc2c1ff1343277417d86a3d23b7a19cd66477a904367ed3a3d6e4e727180a09ed2b8f5f8555a34aaa630208b391b9b53dc167da2477a
-
Filesize
180KB
MD5e4836fa8e63ea9d852c02f6436c227c1
SHA1da5722724155d33a9540f130f7f25d44297dcde4
SHA2563f59af8d968a5ba64c3281fe6f02750124b59c7f14156c79708214c8d1ab341c
SHA512d6a123dca34d4ca293958a52d11d6dfca0bb62881f999c0e3c5c34f6ae93eb04baa5b24d25eef26034323cab3d90f257ce4ad37297c699587905b0ac9bd0f6da
-
Filesize
180KB
MD54e964db2130b31e417b3090d96dc9b89
SHA1c59168b27e27de8c0d3ae7de0895d7c2490e4709
SHA25660aec8ba3b6004cfbd2f890546cf6d7f51540dd7f93bf5e74490edee77af6830
SHA5124a6d0c338201df3045710a90b0e393961a474597c38c8675a8bd1c084dae5b87d0920b965e9b8e2e38dfa779e96662f444dcdedba84be0e838bb8f6a95ab659b