Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
25/01/2024, 04:54
General
-
Target
2024-01-25_f495162d79908d0f44e3802b4f30d6ff_goldeneye.exe
-
Size
168KB
-
MD5
f495162d79908d0f44e3802b4f30d6ff
-
SHA1
24761d93baa01fb00e0937c0c2d848388125c4c9
-
SHA256
e135817364bb619c797be1cf321e92579387f36170b7d696d246ddae6e143ed8
-
SHA512
4cfa6b52b8dc629ae6138f0a0cd2aeedd21fa436b7c1083dd5de83c03e013a488bae371a231af24cd2307aedd7af14ed17354d4f92714953400eea8ee9206a34
-
SSDEEP
1536:1EGh0oSlq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0oSlqOPOe2MUVg3Ve+rX
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_f495162d79908d0f44e3802b4f30d6ff_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_f495162d79908d0f44e3802b4f30d6ff_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E3C10181-F621-4721-9D9B-27462BA38FF2}.exeC:\Windows\{E3C10181-F621-4721-9D9B-27462BA38FF2}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FCA0D1CE-9250-47e8-8DD9-C007BD0BBAFD}.exeC:\Windows\{FCA0D1CE-9250-47e8-8DD9-C007BD0BBAFD}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EFD8BDE4-CC01-4e9f-8783-ADCEC832590D}.exeC:\Windows\{EFD8BDE4-CC01-4e9f-8783-ADCEC832590D}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C2CDCFA6-4441-4aca-A355-64CE0C5AFBC6}.exeC:\Windows\{C2CDCFA6-4441-4aca-A355-64CE0C5AFBC6}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D7ED31FE-74D6-4a39-9196-540030230EC9}.exeC:\Windows\{D7ED31FE-74D6-4a39-9196-540030230EC9}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D30BFFD8-3255-4ab2-A68A-D3AB8A090C66}.exeC:\Windows\{D30BFFD8-3255-4ab2-A68A-D3AB8A090C66}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D5BC1E27-696F-4b44-87DB-8014283B1EBB}.exeC:\Windows\{D5BC1E27-696F-4b44-87DB-8014283B1EBB}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2378CA21-B50C-4f68-B418-845669BC6922}.exeC:\Windows\{2378CA21-B50C-4f68-B418-845669BC6922}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{0F4AA0EB-67E5-4558-8A0C-7BF91127578D}.exeC:\Windows\{0F4AA0EB-67E5-4558-8A0C-7BF91127578D}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{B0C4F07E-4E53-496b-A435-B7034052EC99}.exeC:\Windows\{B0C4F07E-4E53-496b-A435-B7034052EC99}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{E0BC3216-F98E-4ce8-B3B6-7005C9030853}.exeC:\Windows\{E0BC3216-F98E-4ce8-B3B6-7005C9030853}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B0C4F~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0F4AA~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2378C~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D5BC1~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D30BF~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D7ED3~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C2CDC~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EFD8B~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FCA0D~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E3C10~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
MD5c88710f9f63d4f963e653ac08111967c
SHA1f9f31f05ea60564a73337a8f7d00a0770da35746
SHA2566c2c440403e4a9a470c7f310b007bc17b1aad01318d0c887d66cba857f220e0d
SHA5126e45996e428b936f6ed5607c483bee2546f433020cae76b2bcaba129139e891d82d26feb4866fc33d613f746fc2cdae0236f9ad59cd43eb2810e7773061ea945
-
Filesize
168KB
MD5eed0da4d7dc0fa5e3a5679233c1e5726
SHA17ad040aa28644ba79044687e346976ac896a4aa5
SHA2560b67b0ad9a129c4ee7d62d9eb4fecf0738a09beb1ff15f9e4b13c11c782abc20
SHA51239f94d5ea2696022d2a252e91c8b37da668ded8e4b597d47150f50bee30e58888dfe1ad802c64a7a283c66434b056e70a3be5d9ab78303896010dae01fc28df9
-
Filesize
168KB
MD594b9ff34d6ff2f4323104b1723a796fc
SHA1daf2849b355b0c3c017bca3b77b03e13f21675e4
SHA2567879be7242ea41dfaa8a0e9dbc5954c001aa2e4042949f4794ed8347ac79fe3c
SHA5128a70e603d54d8c82eb983c89a47e355832603a272f8d26d7f03aee0ad192d289d0a39d201a4ce037928a10cab5deb2e79229eb894966b77c75b786a5f409fcaf
-
Filesize
168KB
MD5b572ec29b7e9ba7a0de9e0b9c6bf6d83
SHA1c1c694501d52a7ac84af020cad78b483a2d57368
SHA256b533e44d52072a2973cbc755daf04bca52593526c12a5704d90df2a79e223d77
SHA512175ea676f3777ca93d67a6355fe5cbe205a678c240ae00c28160e5715501509d96281be96d64c1c8f4002895538b6e5020d9a0f9c8fbaa83bc53ff6596167a13
-
Filesize
168KB
MD5f3a7993daa76dadb2fd93d30e8d012eb
SHA1055ea1e367bd6b92270e98117951214f6d6380f2
SHA256a430e6c316eaedcc49c569ebb30daa85f562302b331d263b9755a5e7b832df6b
SHA5121783b070390a4600c9c7f0158062e5c057b158e5e142bb164a012c223eec98d627494691cbe08b23a9e9627846b214a2856f00d03da3ee7dd3ee16e84a4230b8
-
Filesize
168KB
MD52e1d9f5ce2671c19e968bba4145855cc
SHA1a8b74cfcf6e5e0618e48d378a35b7ea72d854712
SHA2560b33fd23f5f909560880b41b15662a466274b2607e349e447ab3d018ea2665ed
SHA51249c9d12e94ddf0e977d979af447a410721d8ca596b255b3b2af870675f2ef6868125cbe90322d108110837766f8344d0a75e52f2ac6a2f7654ea95336f07c40c
-
Filesize
168KB
MD5a76fd84d8feb0169c5ba5fcfeaabef59
SHA102853fc93360ab0914a6a8d63ab6977e461fc85c
SHA2569a6a0d86faba7d5a5207a16e186791c0b460c04ee3524fe110a2cfe650999cb0
SHA512856a27bbdea04c7cce1b46b8529548cf27018d79a604b8bb98819ddac81495482d658be862fb0b08fd8df463d7b2bd3f63908feaea81bc2d4e5f591fac0ea661
-
Filesize
168KB
MD5ac36022e6e7eb10c4d12755504284280
SHA19981bbd6c6bc99e61288f78d747b06a8ee08b67c
SHA25664901f761065bd93d276c2bf7a4f4b2f10e95fed3de4141c3b4f3104213f683d
SHA5121ddda69bbc3debe3130b35450b9781e298dc9c790ead803739207a16fb13174328842da0baaa4b9a27e1a10b76abcf48afadfcc1527ef786f7ad2a73f041b199
-
Filesize
168KB
MD5098d3d5d6d11dfb2f930e9abd36c6d88
SHA159ddeebfafbeaf020dedd4d8a0c9cb0b34b395c6
SHA256511f0c169dd79e806527ae7ad70f1d62b66fa8fe2056090efb9e20e0acd64b80
SHA512327a65ebf06aba21343d6f4de0ab961a1045b45395e924ca905afa4ec0e8853554ee35af1c726e7f34fc7fad50b16f2f338a966f5a6cfb2a56e9cb0a905454b0
-
Filesize
168KB
MD522f7696295b66408a29fa76539d8fc27
SHA124afa2d510d26dbea5bb95906b160d508b6bce53
SHA256575b845bee607173b46c8e97c942838d70b3272ffaec4db346dee6ed360307b8
SHA512b2d35d7b474f7a391a7304bfbf1f19f57f816f9b47e9d38cb71e12a690b567066ca1684dc637d3c7f365571869b64817dae8b9d8696680841d9cbc72e9bdd7d9
-
Filesize
168KB
MD54d11eff9ef3deccec6228c30a554d5ad
SHA13a9171525a098b486c7245e9064081ec62c8d99d
SHA256f7af8d5dea69129b76bb5cfb651da1613092e0d4518deab4f91e8e39188e4276
SHA512b13fcfeb2969cc3438d1a605568d9f2e1cb6eea4418b78f0ee2857bae558063832d64a1ce526f842e5affe240ee65e517e17b4deeeb4b4e6aede5863e3b11d8a