Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
03/02/2024, 00:45
General
-
Target
2024-02-03_786572ca4d42e88a1d44537c9487762d_goldeneye.exe
-
Size
216KB
-
MD5
786572ca4d42e88a1d44537c9487762d
-
SHA1
e64594ee1358fc262798bfb2139c6064d8a1cf1f
-
SHA256
637e79041b2e3a238c80fbfc5202e45327f02667fd94f4ef62622fc8f19a5f3c
-
SHA512
c3831968b55b7a236085f01c74690d9be7a417d9c3e180992e5ffeced8439365adc7435fb8884e3ab6499b2e446e999c609d67d63829c03a8e73df797b4664af
-
SSDEEP
3072:jEGh0oAl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGOlEeKcAEcGy
Malware Config
Signatures
-
Auto-generated rule 17 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-03_786572ca4d42e88a1d44537c9487762d_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-03_786572ca4d42e88a1d44537c9487762d_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
-
C:\Windows\{F7A73CA9-68EA-49d8-9935-D23CCE49F3A3}.exeC:\Windows\{F7A73CA9-68EA-49d8-9935-D23CCE49F3A3}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F7A73~1.EXE > nul3⤵
-
-
C:\Windows\{C7B317EC-5BC7-4bfa-8B3F-AA049A3F5BF7}.exeC:\Windows\{C7B317EC-5BC7-4bfa-8B3F-AA049A3F5BF7}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C7B31~1.EXE > nul4⤵
-
-
C:\Windows\{EFB36466-0308-4d06-8EBE-AEAB46F7A46A}.exeC:\Windows\{EFB36466-0308-4d06-8EBE-AEAB46F7A46A}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EFB36~1.EXE > nul5⤵
-
-
C:\Windows\{9BB736A1-77ED-4825-A2ED-7BBEB1483B48}.exeC:\Windows\{9BB736A1-77ED-4825-A2ED-7BBEB1483B48}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9BB73~1.EXE > nul6⤵
-
-
C:\Windows\{81BEAE8E-915E-4d60-B869-3E522536F668}.exeC:\Windows\{81BEAE8E-915E-4d60-B869-3E522536F668}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{81BEA~1.EXE > nul7⤵
-
-
C:\Windows\{210931D8-D6E8-41e3-945C-8EBDCCB608DC}.exeC:\Windows\{210931D8-D6E8-41e3-945C-8EBDCCB608DC}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{177D22E5-FE05-4df0-B2EB-BA7A3ED41766}.exeC:\Windows\{177D22E5-FE05-4df0-B2EB-BA7A3ED41766}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9D82BA49-D0E6-4390-86A2-BFABD27E9504}.exeC:\Windows\{9D82BA49-D0E6-4390-86A2-BFABD27E9504}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{72EBDFFB-7BCD-4a4d-9B1A-200C3D4F55B5}.exeC:\Windows\{72EBDFFB-7BCD-4a4d-9B1A-200C3D4F55B5}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{5FD6BD3F-8681-499f-8309-85A7DBFC8E82}.exeC:\Windows\{5FD6BD3F-8681-499f-8309-85A7DBFC8E82}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{9909C1C2-450C-45b2-B0B2-B0C64E68B964}.exeC:\Windows\{9909C1C2-450C-45b2-B0B2-B0C64E68B964}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5FD6B~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{72EBD~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9D82B~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{177D2~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{21093~1.EXE > nul8⤵
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD551ffb064fa6eff32fa5ac5f5eaf805c7
SHA1aa7c8c14ed32c45d232795e9c5791cbac3b4f421
SHA256dcf2308d2f9b08b85408320c3c17ba495d44a2e5a6de551e3ee5716f280f5791
SHA5125b9b84c2a95a819bb84ed27f1587d7c10473557da0a892217501c110d32c329d5f94fc0dff00700e6ef0a62f3040486e1732b9786c2e087868246a082dc24722
-
Filesize
216KB
MD511847ea5726fdae76ae02e54c74c3762
SHA10103032159118639ac549668983300fa2c5056a2
SHA25660bbb0fbf3594e60aebbe3fd8543aeb3361d53a72dd80d98f726ffa166881a0d
SHA5129e2320f8105f5a3805b937295c57ddb6714e60e93db358dd97cf54e3703a2f10511f3a238e1f4f769068a32fb71f3f7e8963400e2c4a717d4d3ace87ad33bce5
-
Filesize
216KB
MD51bd2d179a2b66a3e64d4105be5ab9a0c
SHA1e4b849928847345a720ea9a846c7af18a7f9b6e3
SHA256591c5b3c276534c556437053bbcef5f6a7aa4a6bc53ca58805426e09161d0e2a
SHA512d39097baf3fd0a71a0071b5cc2a7a0d37dca8c51c704c6195f4b23ae16529c93666bb0271407c2e40dc4570c0cb3862c24c6b1aed82103d8f6eea584c94ec417
-
Filesize
216KB
MD5c149a2a10943afd1098138c4f1545216
SHA13fd4c7e55723a146594f98681efe0deca48e48aa
SHA2563c826fd120d6c124cc33cb55b22408c148bcdf4c6022deaeeed3696c010d21d9
SHA51257ff31034f4c1499012c467ec2761a2916bf99b3923db6fcdc2422e56fe42202a705d9c613eafefc81215a998ec8e9233366c8c30c856413d54fd43c2172b64a
-
Filesize
154KB
MD5f907f2fe12a9fd8c232f32a662f4e726
SHA1e71ab05f391aa3af920a873405b64b6d2147e16b
SHA2563c95725a7aa20e7938fe9c8dc395f86f28fa7ef1258791ab249eecbcd6cc8150
SHA512c181288eb71f084f1d7fff28d0c4249a6219f6ea54c17eca3f5b4e15907094fe14fb4639080c8ee44ea9cd979a59539c1fd9a61e9430a64c8d674c1ee6a85d2a
-
Filesize
216KB
MD5d78478bbb164e77f9adc779ca37c6c25
SHA112b6349cb4524496d54d83e8208a45e1299efd76
SHA256f3eba8e56b9cdef1ab87f19987ace5875acd47e3121712d49b0ef8811fc8e8ba
SHA5128d1365238a84765013840fa593b58e0af3610fa5a2313d8e7acabc71b2a74ead9a8389f8dfeb09aececc70f43c5b24bfafb5a5731ee145cb05260eaa9f5865af
-
Filesize
216KB
MD5cff9844b4be153a0f88a2a244736eacf
SHA1b9147ecd4f80506d7b0c3372e75970d501b7e9c1
SHA25669fcbf0c7311b0c7c4c4b90c2a19bb32837488f6e38eefe18a57cc65723e71f8
SHA51230505792c4d2555b92b194af71145cd1edede188ed3992fb069b0785b6ec63c9001dbdb58f8a7961f9c92e5848ff2312e30b9630e9ec71f70cac153285538834
-
Filesize
45KB
MD5fe92653054eb7f66bd3dc32fb6ff56e3
SHA1d05d4bf0a37ba314107e459051f3ae0a874c2bf3
SHA2567d42a0e55f8912d68cceb20744fedc3e3256d6a03238820fdb4d628e1330425c
SHA512828131241149d379c85b341ccf24edb3109728445781b25890a8200aa9030ff938ef98ca65932bf6be6b60b2281953ea8e8fbb0ec8026b679fc89170c5bd474a
-
Filesize
216KB
MD596881785e2bc2a15c156704b73317d94
SHA1c3effa6e78f8eb087e39ea6bef82b12e84bd5050
SHA256b2f5e5ee3ac2f64b5d73ff483a6f128b768dd9ba46759295bf0b8764d1c5d4b9
SHA51292c611c92eae16a5ab1fe04e28862354dd14a8f9d060844fb10625c0705b1c0d4e59ddaac91c0e0655b185ec2bb235addb3f2ac7ba5992448ef467fb45617eac
-
Filesize
216KB
MD5aefa603ae0df475fb14ff34ea98be90c
SHA107f367316f5d19cbf8ff3030f221f53ab81a9ce3
SHA2562b21580c816c75747be883c0ed8d3ff52da65adaca60785ceb705ed6dd41d34a
SHA512d97d213f68709286d9c2c039e665b0673247b3d44b5e26954aec0982ae0f2357e322372c34afc43f04d7dc7cf4ab1a1f0118ff484a6c706e368fcccef5869418
-
Filesize
45KB
MD5324bf685e30c2f5128900202f298b39d
SHA151132817612d1fa2e38587e8a49d268c9ab86317
SHA256c8329aa8d6e2c3bd46e44f47c4a20250ddb1906401ce97bf834e494b5ca24a9c
SHA5125ee518801b10143fad823039a90f3f5ee8545de52cae8464f69ad214e5dcbb2a5fd2326795e69727e8bf330cf6f0e9bb1efb62e8b62aeae63ea7c5d32a82c9a5
-
Filesize
176KB
MD5f9411d9d34d59f18843ecd5f7ad8e308
SHA1cd6a32c108fc3e5806f5e55d00331f08486c1a33
SHA2569d64a6767d15805b370dca32dec06f6d447ecd160eee1cbad8114614e4f93529
SHA512ff56580be4985b72d30eb5f48e3eeceaeed714b16f2053bf53f91eae73a2aaf11bb9ad1ff835064788e96f19bb5092e7fcb26011c48a852b162d1a85c95020d2
-
Filesize
167KB
MD5faf7bd7878ddad34c5d1bd9265ac08c8
SHA14fb74f101860e85bd0d42e86faf1dff90a782337
SHA256c475a3792edba3f98b4adec66510b8017da027f5c0c6c16f4c16f9a59e1a5bb1
SHA512e5e15aee267ca02cf591cee61c44ac6e5e77b97456dd61cc5d9061592fb6f35ee050d8fbe1747c3e948dbb54a137ea500438c106d7b4109319cd3a4dbf4a8db0
-
Filesize
48KB
MD5d83f597592fbdea299232b21fd282209
SHA180272abd22e670da58debbe0484f18dc5cc9cabd
SHA2563f483c57a41d412c395ecf7b6fcbf27c026e92f0525d3034e89c15d86d92a95a
SHA5125968b0f6ac9fe640598774db8bc8cf0c27b9c52cbe301a99723cf2730ad6dab3d2b607abefffe0d0a69a6d65026ee2d5f3606b23cdd0bdc6909564f7b41c45a8
-
Filesize
40KB
MD57d5287fc6ce4176653de0bfd78f20c77
SHA1c42cb9486f91a6699c299a8a9fa98f16fcdd372b
SHA2566f8f00bd914701f0c8309cb7ea40f5a07c0e357a4cc13981b82c4b57173515c6
SHA512d7bb6518c09644616d2ef94412928e8eb7180dd0e817d80c43d1b5907f33ab276f77345a631c224b5693348e77d77d61bd7d9074e826b5bb9bd0c046d4573c6b
-
Filesize
61KB
MD55ea2ddd2d9057d1e7d4437944caa7e63
SHA155a39b2f6f6c2b9c769cb74bb8beeef2d050d6fd
SHA256264185b4b8ebff920729a16861a95001eeb9d5ff278c94aacc69a08338c8a859
SHA5125014987425fefab3218ddf9bb8d2483252dbe036f934e82602caab629293dac39ec79aaac1a5e37cf5eb51421a5e82d6a89cc755ea400a66c9ca161c05bc8354
-
Filesize
65KB
MD5546cb9280675b619659789ece6f66a9e
SHA17d0a6e1011f934d42b4cf3bb308d59009171cbdc
SHA2562bbb3a81e143ef57cc88fa9edff1a599cbc809be3af8a8b3f2da34751e61afff
SHA5125de30482e87a92e68f5bb20517f038c058d665884c7011dd218885716ed3224494426f98045ed4624b2ffc402a9ed8e2bc396099bb3f8d894776f5a3e9fb1e40