Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
01/02/2024, 09:28
General
-
Target
2024-02-01_8e37f8d1e991c0bb64597d7e1a19cff6_goldeneye.exe
-
Size
344KB
-
MD5
8e37f8d1e991c0bb64597d7e1a19cff6
-
SHA1
643385a3fff9d34ec320011e36523e67bd8d8372
-
SHA256
d7bd488042bde55a15a7fb47e01d5297aac315c09909abe5eb4cea2c1cbebae5
-
SHA512
c3b305ce8c715880f9a75e328f56da56fd55d4dd323b0e1f55dcf91690a347694b903ea4cc69a02a1c55d0b262bd2ee0e95c1d37a581160091e59a940f373739
-
SSDEEP
3072:mEGh0oblEOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGL:mEGplqOe2MUVg3v2IneKcAEcA
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_8e37f8d1e991c0bb64597d7e1a19cff6_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-01_8e37f8d1e991c0bb64597d7e1a19cff6_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CFD99473-1F28-41b7-94E1-5565EDEBB2EF}.exeC:\Windows\{CFD99473-1F28-41b7-94E1-5565EDEBB2EF}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B2BDF2DD-EADF-451f-935B-3F2B9388D3CF}.exeC:\Windows\{B2BDF2DD-EADF-451f-935B-3F2B9388D3CF}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{095D6FB3-2251-4ab1-BC20-D0CA43CDF8E1}.exeC:\Windows\{095D6FB3-2251-4ab1-BC20-D0CA43CDF8E1}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EF414130-7FF7-4c37-930C-CFDF0103775D}.exeC:\Windows\{EF414130-7FF7-4c37-930C-CFDF0103775D}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3566BA03-2357-4faa-950F-850BCA89288F}.exeC:\Windows\{3566BA03-2357-4faa-950F-850BCA89288F}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{47DD4E9E-4863-41c7-8643-75692F062FC3}.exeC:\Windows\{47DD4E9E-4863-41c7-8643-75692F062FC3}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B0D0FB25-6E76-4871-8239-25C7DECD1BFD}.exeC:\Windows\{B0D0FB25-6E76-4871-8239-25C7DECD1BFD}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6C4AB118-486B-48c3-B1A4-BDE57E561421}.exeC:\Windows\{6C4AB118-486B-48c3-B1A4-BDE57E561421}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{269FCF57-9BC2-4ed0-9059-540F9CF4284A}.exeC:\Windows\{269FCF57-9BC2-4ed0-9059-540F9CF4284A}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{68D43D8D-BB32-4070-9C6E-67C1C77DF597}.exeC:\Windows\{68D43D8D-BB32-4070-9C6E-67C1C77DF597}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{656D3152-9369-4962-98CE-2395096C3381}.exeC:\Windows\{656D3152-9369-4962-98CE-2395096C3381}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{68D43~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{269FC~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6C4AB~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B0D0F~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{47DD4~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3566B~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EF414~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{095D6~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B2BDF~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CFD99~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344KB
MD5b26bc46a9f5a2b6790a3e56ade196983
SHA16e7e0867627cbd73cea148eb2686675277141d49
SHA25607bb818abd0c86baffe76465fc379d97dc8a276531a774070414f66aa86b0e89
SHA512431ea3822c61a7032092f4b2ad82fafff2417be6dfa828d26c3601305a40c9dd5d44be890bb0baa302823783dd0eada6b12d8eb630632fc0d2a5430c31e7d098
-
Filesize
344KB
MD59422e1a97b55f29593c84691ec4a1fc6
SHA16a75ae8686642f99e02369a06b7bdee6b3b1b4df
SHA2561d0dfe9bf836eeb961c5e81f4d229a5c4f8f510e0048c747506efb060421669b
SHA51263c9f5dd4988c933fb1054e12bd05db06a28a002ba48a7213856656fc5862dae38a40d7485260c7ba2567de5307c61a811d3f107ab7fd5934ad7b16198164215
-
Filesize
344KB
MD50013b283a1c057029225294beed2c257
SHA1c56b6e2076b1e740fc553f852cb3d490d63b418f
SHA256d9cb4af61adfc53729e761869b3025c93bc3dbe5286cc86214a8d0880ceeb049
SHA51275a51765e25cad755ed2d3379e31fb7713221be369aacfb169b205b2c71a195a5828ce1df8dc8015857cc024c4ce5f46676075f86a0a17331e6c1f4695634a6b
-
Filesize
344KB
MD51aba72c500af7c145d20515df74a666d
SHA1752e0440a0c8f65204f3a28f18ab01988e969340
SHA25656a7cdb82d93183b9f7e5c970cd8c2ff8942107d806f5e9ae2f151e897adf290
SHA5123b82074c609a6a7700cbdeb9e375678015bc81fe7bf4d319e3c841ec352e8a8d6d8d537a4ae970d09e5685b663c4333746b79904793cae1061d93005502c93c1
-
Filesize
344KB
MD52f700c51ce41fb88e87ddcab557f02a2
SHA1286bb9e2f9b7efefc2635e4a4ea5259b960b480e
SHA25652cfc6675b269e510360ab41cfee77bcf313023ee18ff9f49740f2bec5983777
SHA5120e99fc4ea58e0698f95ce95ed3612fb5acde9464675b4e80027279f9909a59cf62e12dc625607bde87174194fe7a6335479f5b7fe1fddc834492f5aae5f3f908
-
Filesize
344KB
MD5cb6a423acde4327ca9e6a86bedba1a9c
SHA145dc68b48cc068935d962fca2ad4a355c3335962
SHA256d45f4a3f8d120a94b34d1ff2460e732f8058b22dd41e1483eb615242d5158fc8
SHA512573dc5e0ce73c387f6c4fa1b1e2f41559438923a8d925791fefda72899860846442840e3867fd4f45ef344cc34b8e540e0485767b9bb09011cee0dda268aef7e
-
Filesize
344KB
MD564cd50e516cdafe07aa504a156227776
SHA1bcb7204256fe48b3b0d49bf18020ce044f5461e5
SHA2569dd46d9314bff10f5b24aaf7f61c10bc96069a7e1f35370b37a8bc076893e5d2
SHA51271fdb2b401de8d07189c094e275a5613fa546b73e3531ae069740281cf6aaf2713cd07f6d220eed367beac3183c8041fcaab9eff1fb4f30c348c922efe218d72
-
Filesize
344KB
MD58b0c19d08529b4d05d3da9fc6a00e27a
SHA18f007b8455526d9d05ae7503e6c51ec5c038412d
SHA2565bfa4784fe41438ea0b058ad20da40c668af3473a18c1a9c70bf6f859cc09b3f
SHA5122dd807cfd7f2ce5767ec7e87c518fb15848c0e9a30aa25649001d82dc46009f5f3738f41b5680a84ea05c9e9512c2d7148ce3ed6770b3b488f875cb93e5fc205
-
Filesize
344KB
MD5535cea6e393614f38e735f55c887c341
SHA105be169eb3d6916d66dd9d1ee3e214343e823fd2
SHA256cdc61fbee7391cc632f65d3d4d1e587ff53e158895d8b8ca5ba3181f0f4b40e3
SHA512b0feb85fd5c499d9293753a96bb7b078d2717e9893099fe86957e12556d4c38fd7cfaeec8511b4263e92ecf430bd3f81a6153978049ddf3f1850866a0655f36b
-
Filesize
344KB
MD5e9e0558aeb823ae2f241e30a36529a4c
SHA1e8167bac0e2c74f136861bf55ae786a2631565f5
SHA256c5837e2305ae60ae23a4b9b71947608c1199ddc3a1534a1dd646f5c944674878
SHA51270248103b9d71fb608f83a836c04a527ebff2e676e5827e5140c9b23c3d5843f025bef3983d8ce89d51105392d08e69268729a8877cb3701614bbb5a8692eb5a
-
Filesize
344KB
MD513a612550550f0d05952941e6e877975
SHA16afa7267b05fa549f28656906e9202a1b32f422c
SHA256883f9889bc6ff339faf7f4f3d5011fadd4bf8b93c86260a453d1a294aace6fdf
SHA5123b6ad31181fdf34f210c228f452993bfa54e4b0b66b55e628388b0f9442faa5192bdb1bc7996c5ce02ae0e68c170e8faea2a68aff0cece15bbc79730c703259d