Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
27/01/2024, 16:34
General
-
Target
2024-01-27_bdd2bfca38ebe5a3d376dd501bef41f6_goldeneye.exe
-
Size
197KB
-
MD5
bdd2bfca38ebe5a3d376dd501bef41f6
-
SHA1
ee0fb6e93430e9ceb90bc348faf40ded9c7a1bad
-
SHA256
7b19486c6c256918bd8991acbd894732af6b5cd474c8e9b67c1a1f1431601bbc
-
SHA512
a68c3e4910bcc6a8e91b1703ffbd76f2da9b197887fe29805caee7ff567a5f2fbdc0b5a0c02ebe10d9e35bb06b738a1a5c4cca5869e54f81ddc7f4fb15b504e0
-
SSDEEP
3072:jEGh0ovl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEG5lEeKcAEca
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-27_bdd2bfca38ebe5a3d376dd501bef41f6_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-27_bdd2bfca38ebe5a3d376dd501bef41f6_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E5661962-3F1E-4a0d-9406-0188E4FCBC6E}.exeC:\Windows\{E5661962-3F1E-4a0d-9406-0188E4FCBC6E}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DA286529-07D7-484a-BEB6-117E6B882F8B}.exeC:\Windows\{DA286529-07D7-484a-BEB6-117E6B882F8B}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E980B66B-03AB-4617-8C38-E0B35A9AFF57}.exeC:\Windows\{E980B66B-03AB-4617-8C38-E0B35A9AFF57}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2E377B23-213F-43a8-A219-EACBED0F5931}.exeC:\Windows\{2E377B23-213F-43a8-A219-EACBED0F5931}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EC46928F-0AD6-4845-9B69-9624D86DCFCC}.exeC:\Windows\{EC46928F-0AD6-4845-9B69-9624D86DCFCC}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{95BB6EFF-F839-48e3-B7CA-0EFF033AE140}.exeC:\Windows\{95BB6EFF-F839-48e3-B7CA-0EFF033AE140}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7CAC9922-CFE2-42e3-ABAE-DE5B958F96D9}.exeC:\Windows\{7CAC9922-CFE2-42e3-ABAE-DE5B958F96D9}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5410D879-6A8F-419a-92FE-7A8576BBBD81}.exeC:\Windows\{5410D879-6A8F-419a-92FE-7A8576BBBD81}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{5AE45823-6D78-4779-AC9F-F5283052CEB0}.exeC:\Windows\{5AE45823-6D78-4779-AC9F-F5283052CEB0}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{00834A7B-542E-4281-8F85-D1E206C17DA5}.exeC:\Windows\{00834A7B-542E-4281-8F85-D1E206C17DA5}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{F29D852B-DE35-48d4-A4DF-7958E9BFCEFA}.exeC:\Windows\{F29D852B-DE35-48d4-A4DF-7958E9BFCEFA}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{00834~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5AE45~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5410D~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7CAC9~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{95BB6~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EC469~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2E377~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E980B~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DA286~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E5661~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
197KB
MD56032a34a1c92cdb410a4ef82b3f23d24
SHA1989e9bc459efcc6c831d61c083db92bc8feb9cc1
SHA256e95bdc13745e2fc1704074b5d5ff76f94228eedc7bd839c27f8c2212b94d1ce5
SHA512f932103f3e32cd06e1a4619e181d63062a3137c560af21ac265d116b78aa445f0bf60d56ca905c68c2f4dc891f4197569743ec763294e97f5b30465a28f1f8ed
-
Filesize
197KB
MD585ddf1de49e29d4749866b1f30c36fa4
SHA11ccaf74a99d87b2be503015fd6fac0d0261d7f6e
SHA25678bf4ffd502b6b805ced363fc7f5e1be14ad7986365e537538f6345b28d032c7
SHA5125c893cb4d9314617a6cd2a75acb101ec0ca771f34ab4c1871b2834284b716263bb486f9ce79a69eb4d19f48ccab2586cdd3da9eafbd82afe395ff38b9d4b6466
-
Filesize
197KB
MD5dc2e65bdcae52d330f00610ad341f99e
SHA1c3f28a1010d30e80f91b7d411f13fbb43a2b11c0
SHA25649cccac830da0c29d44893be31e16d650762352c614df0fc246fbccae2434cf0
SHA512f2f3c863584fb6348a46304d21ec282748d36e971c31c5f59eaa9705714ad74f739cae585d59442a7242fe24fe96c4249d48147817a5e7fcbec3d900381142f5
-
Filesize
197KB
MD54248b4fff9fb97fc9137a10749e40965
SHA1a2c2c17ffbdc367f9f027ad0a8ab1b7cbcd44a29
SHA25615eff09983406e8e40528ee5f20653ce84234ecfdacff38f7db1aa7aa00e6bc2
SHA51265101bd6dba2f044eecb2c66ef4bd9cd48d2a5661d0b2b4610ce3894abd68ec3a99a363247051aaf287afc1812a8718d02ea55fa68c8f63b0e045610736fc1b0
-
Filesize
197KB
MD50152479f043019684789ee4ef88eddf4
SHA1ca61100b52644210af15f71429a847a25e0f2c2d
SHA256e474ceb6a7e4a0b40e8f6cfbb8e4702ef309f58ceb0237f41ec812704f90af43
SHA5125c280f8e46b066a105abeaf616f44f209493087dedc4abb0efd3994710860da8a326cd3e96dfe929edfd8fdf59d87aaecbf8750dfa7cb3f21d02d6b1ed0933bd
-
Filesize
197KB
MD5bb0a4455658d055001fe10cbb7a773d4
SHA1779949ceec0926aea63a55b918ae5019f267cdc9
SHA256db0e172f4d11f380f841a669eeb2a416d448eb57ed81b41dfb77e8595bb51fbc
SHA512db8f3c96a5d1ebe1b0e0142f516a3c4bf2f68745f4ba2924411fc9be54fea0ba93d26778b8ecce15731c4ce78433181835624c3553b85c87c5bb76c1d983a44b
-
Filesize
197KB
MD53095077686f3a505d77bcc712bfa8cd5
SHA1793f0d72295bc62e7dd2e6bf6ebed449f66ef1e2
SHA2560bd622a1022f4786c1cc4443ae063a693ee486bdf900be244244c8be41c6eb27
SHA512014e0b8b95c94d84edc6f494d59d353290ff9c4dcc360e3adf495ccd367171c9d37382b27578a7062918097ffd11ab088cd0c2d00994a548a0155572918bb3de
-
Filesize
197KB
MD5311665b5579efc97d9c377dfb67c6b55
SHA1c2f3637fa6b03fc47ae98e0e60ea8d669395c142
SHA256b64241ca857e1eff3cc64984600ff6ac31e4b988a5671c3a6517653d82193523
SHA512e46af5de90212a328b18cfe79c11c5119bf49609edc399058ebe62e244ae1d6daa4f09f0ea43fbbbe2177ed4230dfbc91efc380d5b16604b0ce57ff4903f79c7
-
Filesize
197KB
MD5d72ca9c131fb1a478f391cb601fbc1a1
SHA1662e9b9a76a3accc1eeff3126865b954844bbe87
SHA2563d7f2dfe751d1bc955c08dd8d09abb7deac671261f610c43a66b37bb39f652b1
SHA5125d79555b5b78bea0c51c55ebf49ee842ce36a627aac2a26505ad435f6ce393a65f9c29fdaea896ac45bd30854aee5e293df8473112378346df72bd5557740a03
-
Filesize
197KB
MD5415fa602b8c75fbfa5e627bb991e0208
SHA1e2de0500eb6467f2f4d58081a24ccfc064c2549a
SHA256093a4ce0005264579a72c15c72a114f0f031b230bae1579cad0ddaa33ae92c6c
SHA5120f1e016597fc08f4de5faf9b1a6d9bbb2458d05d1a3b4c362dc5b42ea91e0e23c3522ccbaaa9d21e5e48cf891100473949529f6826e7a365ea097014328b6630
-
Filesize
197KB
MD5940e275e707313b1d7b88b4cb6d1709a
SHA12fb7001a0e171e471664b96d42ecf0204d1de3d8
SHA25685b3aa83fe60a01ad10f3822f3a2ea47f8e5306fe266e3fed535a06695c73f4c
SHA5124fa2c6e0cd6bd9d37ff9af06cc8d4432125d106891389f10c2446ba066dc588e4326cf67c17c6aaa37e0bf350f0695e80e0c780f730cb7308043c2509cd34b07