Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
19/01/2024, 15:44
General
-
Target
2024-01-19_be6a88c723dd114772f8b51a5bb8087f_goldeneye.exe
-
Size
408KB
-
MD5
be6a88c723dd114772f8b51a5bb8087f
-
SHA1
0ff979602fc0fb522ae51fb481087164397ac6ef
-
SHA256
eef59936c57c004f2d70b7b5f5d3efde38efe8badd119b0ee22073bea4fbe61a
-
SHA512
0d795f135d8770b9df66a6acc3b16994fa531e645f0d1795fadf1af1fcdf0410f59d03822c8e6b35ccfb500732d1801462334688a88f6b58444bc7d8325e96b1
-
SSDEEP
3072:CEGh0oZl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGrldOe2MUVg3vTeKcAEciTBqr3jy
Malware Config
Signatures
-
Auto-generated rule 13 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-19_be6a88c723dd114772f8b51a5bb8087f_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-19_be6a88c723dd114772f8b51a5bb8087f_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B106382D-F3FA-49e3-82E5-8003BBA2A982}.exeC:\Windows\{B106382D-F3FA-49e3-82E5-8003BBA2A982}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4330706D-F7C5-4b3b-AEB0-3300CF12EFB4}.exeC:\Windows\{4330706D-F7C5-4b3b-AEB0-3300CF12EFB4}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{67EF76B4-12FF-481e-9B22-834311E472D6}.exeC:\Windows\{67EF76B4-12FF-481e-9B22-834311E472D6}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{67EF7~1.EXE > nul5⤵
-
-
C:\Windows\{1C2E9EE1-D645-4188-9C80-828DC5EC4386}.exeC:\Windows\{1C2E9EE1-D645-4188-9C80-828DC5EC4386}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EEDFC024-0C64-4f96-A69F-7C10CF396238}.exeC:\Windows\{EEDFC024-0C64-4f96-A69F-7C10CF396238}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B3912C87-B50B-4a45-824E-BC99E4567D9A}.exeC:\Windows\{B3912C87-B50B-4a45-824E-BC99E4567D9A}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B3912~1.EXE > nul8⤵
-
-
C:\Windows\{1ED54437-4E70-4398-AA59-50660C43D594}.exeC:\Windows\{1ED54437-4E70-4398-AA59-50660C43D594}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{84C0D433-44D6-473e-BD08-9E1E86DBFD10}.exeC:\Windows\{84C0D433-44D6-473e-BD08-9E1E86DBFD10}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{90788EC0-E0DD-4773-AACB-ED9B9BC162C0}.exeC:\Windows\{90788EC0-E0DD-4773-AACB-ED9B9BC162C0}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{1905159B-9DC4-4fbe-A782-0DDF4673A4D1}.exeC:\Windows\{1905159B-9DC4-4fbe-A782-0DDF4673A4D1}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{7C0B24C1-64C2-4975-ACE3-85E10B71B2C6}.exeC:\Windows\{7C0B24C1-64C2-4975-ACE3-85E10B71B2C6}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{19051~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{90788~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{84C0D~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1ED54~1.EXE > nul9⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EEDFC~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1C2E9~1.EXE > nul6⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{43307~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B1063~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
33KB
MD5ded5daf8db2b656101deb9f8c6602638
SHA15689c9b923543c4f3e5f32d643c3e287be89e6e9
SHA256116cb160f189176b6f28e6cbd2119daf3e8386b752601daa43b524e81fb04d30
SHA51263c983ca2360e6e680118aab6111744831d94bfae4e94ee1c662f96a56c405a680e4904a2f320f16dfb2f3925d2d29d1002bf8ad3343f3fe38559b03ba5f8b9b
-
Filesize
408KB
MD5ca36de879321661b9a12ff69402fd056
SHA1825d87192e8754930a4aa13a6b6e55340d229ea8
SHA256dc0674fcd8fb2f11b3d212ac4169543ea9a967f9b3a2245559f2b4afedfecd04
SHA512e4dd992d136493377ca0ad2051ae7e6ea743f91c6f352689a4d18bf4a2cf1e2c8c238b86425bc9fa631fb79fa11365c0572b4201557de9f12ca6e1853d1dab11
-
Filesize
408KB
MD587eae2d814e685553fa659b69d18185c
SHA1278f0e3506721418b236819038c12a24de1c9270
SHA256ebf0d459233d5f6b841f000aef40a52dd594ae65bb3946013b92fe1c7820586b
SHA5122ffd1daec560e37d082a700e0b6dc43a1dcc3e552417b9d80eee5e7234298101404d1b28c065439fbfb3f57ef9e3fccfbfdc0bc31d4f41950b9a5b77b1737320
-
Filesize
408KB
MD55cefe68a8ee7b8b26270ce05d5db6004
SHA1dda185bdc7b6488b7dcebd131ea10698738eea45
SHA256880cec9c68fb619792b4e8fcf4d4a44d159ff8eac9e4512d13655906ec0a5e32
SHA5122ca75f14f12c207d1f10ccef91f06bca9612662f8d33cc2fe74189bc487468f56594ac7e2c12ccea3260bcfa4958c5785ebfe4bf5d69cba0b38bd0974facaaf0
-
Filesize
408KB
MD5dcfa7eefe04188a503b282689f7edd23
SHA162b2dacef6ac84f6a66386c91730a6bc0af0af55
SHA2567d7b3e51d1ca51d37f54a2b88e196e0febb5f6dbb7cfd3171ea1bc6097be1847
SHA51276f7014dbb4c681c58bf754e1455d02f0e0c46dcb94c9f0d0300709ec96b642dd846ec45ae695c5ec8144f0ed88e9770bcab076a4e8cd944ceef229a8e0708db
-
Filesize
408KB
MD57cf5c08a4ac0cdbf65b221bab646e2e2
SHA1edc8868a572eed7e4ff27cc334914a8bc0cab279
SHA256f25234a873f3caa93213eb8114d0ed34c6699f78b39b9c7c1b3b471b501e0828
SHA5129b4048798a1fdaecd0b077b0ed25bb6fa8c968f370b87a7dfbf835d89099ebcd326b7642219ff0885a45d44a17e08ba9158b3fa12740be8775d96f03a8b1466f
-
Filesize
408KB
MD5214707336ce6c48a7602634d59bb7158
SHA11d8b18a6caf5713147b6f8eb0cdc501fbe27c0fb
SHA2560a8e6072ecb09363eab97f3bd271a81aadcd28be4be63212eb330d71323dbb38
SHA512a7c8643e842d5746318db60ea0c52c68056c107bd3f97723097c8c224c462757a4e0f94f6f084450036687bce66ff615f73aac7254c7a2bc4fc58e3c4b2a2efa
-
Filesize
408KB
MD5b6d696f329eb22918dbeb85eaf127b5c
SHA1a01bb690b81b0e564b8ee2be0346b1707b26d5f8
SHA2560f88a981849e9a1ebe313d6e9f204ccff7bfebe76f72688e83052688ad232937
SHA512f7e83d51c544932df4ed5dc8c5290c3033295710c69f03261f872d33778700ae4a2f8d1c52665a3149493209bbd202ed2b214f439d2009e1b6392adbfc87655f
-
Filesize
408KB
MD59b7303dbb2712ba0880815ba01e9131a
SHA1829cae3cbf3b8acc858d57e55f9ea033ee96c55c
SHA256862b7fb1aa7649310ade85521e3eba0662275c83bd19ca4ed3a53869fe98ab3f
SHA512c122a5145bb0b5600f43f5196c9bd03a44de2c58bb416aa431488517d3124f032447680ab47b11a7207b90dfb7dabdca88e48814c6abc331a1e41ccd5eca21ad
-
Filesize
20KB
MD5dbd5b173b5c116a2d4767d9abe2a4da1
SHA15b9fc2e89742c1d8e09ab0660d490a9e6ded146a
SHA256bf352bef92de9de9af5c98bb6f93237e17b1a7ac899541e1a0fef43d30e000cf
SHA512c3b03bfc5383eef5bdd71e1e6217dc0e55bc96a885b0f49a51e3988cc69662e4419dfdac7cfa1693e73c474ed88a8d2e20ec7418263e9042a2f651332a562c70
-
Filesize
408KB
MD5aba41c49682bd4dc4947b8b0935a9c36
SHA121bf859d45d84494054f87187faf37a8bd08ce12
SHA2569abbf2a454ccc5fcedcb1b865b514599479925e001ca92b112ff0f601e10ce4a
SHA51220c3d992b917ffe9774bd84f852cf96c9293cdc9fbb240a1a4d25f0d00089c3c61574f1acd4a8a6f31b1aba6121c6751d5a020b808aae76d671e261ee9bd87f4
-
Filesize
408KB
MD542baa0825a64a745f97063b6445f3829
SHA163c1f517c0332c49fab9da2b3eaa2207bd34dfb1
SHA2563e28c128fb65386b6d614b412425cfd23c7b0f83ec8b14b5d6f9fa184edacb5a
SHA51236e90414f4dc6100193a73f8a60026ce30034b6cebe1e90e20046890b481e84f90a73699fb835fd615e73e2f9c24df9946a3928d056f802a8744be05eb87a9d7
-
Filesize
408KB
MD5300e700562b5b7580141b664a3830053
SHA1f7579f97c410ffd673a407eb256cd5dc5a2d6b73
SHA256b29c32fb13f43e6d8406b19b10961789b3d28df5662b3160885420b206297b6f
SHA512b42ec35ced983cba26e48e46ed5b6ecb4ec059965686990f47a935d7cefd4b61ebfefdbebfcd1eb290923836fa9e3cdc678a8436870b6fa83bdb84e976e138dc