Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
14/02/2024, 05:47
General
-
Target
2024-02-14_845f140f50aa287ccafc09fffe2991fd_goldeneye.exe
-
Size
372KB
-
MD5
845f140f50aa287ccafc09fffe2991fd
-
SHA1
ef2ddfb7dec6d90168224a4a20f88a955c338611
-
SHA256
9be09e02b7ef3931d0cd471c24f3a25b528bae1bc8f73fd21d01f560a1029340
-
SHA512
a188c2e8c422a24d255ccf8786c1d14efe63125536388d5bbf4acd48a209e154122e82503e365d41ec6ed7390e7a27939fe7b9cd5b6108e82af56f04e7dcb1fe
-
SSDEEP
3072:CEGh0oWmlJOiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBE:CEGJl/Oe2MUVg3vTeKcAEciTBqr3
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-14_845f140f50aa287ccafc09fffe2991fd_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-14_845f140f50aa287ccafc09fffe2991fd_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D9D71D74-89D5-4eea-8DA7-DA51618DEBD2}.exeC:\Windows\{D9D71D74-89D5-4eea-8DA7-DA51618DEBD2}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DEC8CBBC-B95B-40f1-81DE-C855ED458F60}.exeC:\Windows\{DEC8CBBC-B95B-40f1-81DE-C855ED458F60}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D30D1F5E-24FE-491a-B717-EBA3541378E5}.exeC:\Windows\{D30D1F5E-24FE-491a-B717-EBA3541378E5}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D30D1~1.EXE > nul5⤵
-
-
C:\Windows\{48823D5F-C507-44df-8121-E2D01375259F}.exeC:\Windows\{48823D5F-C507-44df-8121-E2D01375259F}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C21AD6E3-7DCD-4fa2-BB49-EF7249BE792C}.exeC:\Windows\{C21AD6E3-7DCD-4fa2-BB49-EF7249BE792C}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1B2DEC33-F7A3-487c-B4E4-970C68EB0D51}.exeC:\Windows\{1B2DEC33-F7A3-487c-B4E4-970C68EB0D51}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7E8E86DD-860B-4acc-A99C-E299D4B9A4E8}.exeC:\Windows\{7E8E86DD-860B-4acc-A99C-E299D4B9A4E8}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7E8E8~1.EXE > nul9⤵
-
-
C:\Windows\{02D23110-4258-4c0a-AB29-18838556B604}.exeC:\Windows\{02D23110-4258-4c0a-AB29-18838556B604}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{02D23~1.EXE > nul10⤵
-
-
C:\Windows\{1CCF1D67-6157-4f60-B447-23F9F7A28899}.exeC:\Windows\{1CCF1D67-6157-4f60-B447-23F9F7A28899}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1CCF1~1.EXE > nul11⤵
-
-
C:\Windows\{6F067162-8CD9-4571-A39F-670F428D3CB9}.exeC:\Windows\{6F067162-8CD9-4571-A39F-670F428D3CB9}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{D3B3210A-6C90-45c6-840E-5E8BE370F98D}.exeC:\Windows\{D3B3210A-6C90-45c6-840E-5E8BE370F98D}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6F067~1.EXE > nul12⤵
-
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1B2DE~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C21AD~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{48823~1.EXE > nul6⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DEC8C~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D9D71~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
372KB
MD5ff7134f9a1f1ce1f64f60354a2cbd47d
SHA1033e79212543bca4525ae0516ef83ddd8acdce56
SHA256d714e04d6958313f558e4da164c0c48c90655c8193095b56734a14457e808eb2
SHA51289a4ec8ddc49ad4ea881de4b080cca918189e40e3626025d6f6cc4595fbcd2f93d32e9351ad1900360a18ad0149dec17ff21de683469a5e9736c3c063728fe27
-
Filesize
372KB
MD5c1aa3ebf2413713c20647d5d566e5733
SHA1ac7726c3ce02ca4ece44fb028fedaf2ea617dd19
SHA2569f625133a0c926a15dcdbb49aecd9af6f5eebaddb33ab0d6f0f9cee9f43f69b6
SHA512de2d983a7f065e4eaaf5ccd49ba7dd7899a7d3f5455deafce9232f44dc9f2fbe13ae9ebbced5a7ab9573bd4bb200e9cada2dcdd19ed7d25db24751caafab1e7f
-
Filesize
372KB
MD5a123ae9e4e6cbc2a7d7fe4e1ea396c93
SHA167e3eeddccc16a536a451149d6d5e6a2e9f935eb
SHA2566333fe9b6c4727216330c8e430b51af863cfbdb551e8f2638b06f7ab71911d18
SHA51233de717e667338c783283ce907961a9cb5badcfa79e9633222a7d294e27fe1de1cb597152893ed262ed9017b953f4a34ef4dfc2f30962d9093f32ff2789d3f01
-
Filesize
372KB
MD59b992bba284feb3fe078d3801d88d4e7
SHA182b611949d6ea5de0c2c83b1425acbf55955e4cb
SHA2566d031f02203b280d44d03ca81787c2da3778bfec658695712eb5ba7cd8a9d1e1
SHA512dc29556fcc286365b3b06572beb11d70ea081e384e9255beba5f2ba9aaccfd61ba43e796c3bf070afd5c7329cfda4e5fc02846d49c889b612a7697cf07fa0502
-
Filesize
372KB
MD57ff3599882653114327e06e9320be51e
SHA1917309ee838e576f0e4952dd352b64a563a6e274
SHA256c81719dc3a0432f280a3f1ce930fb05e5d6a9712eebe9b5e5730c80de34cb37c
SHA512180461b24dbf271a80f4d592144d376b895f7f86857fd88312297df828ff159fd845b559716d09ef293233695ff5705bc7a25341c21f1bc914cf5afb240f2a3f
-
Filesize
4KB
MD57ebe33c1be64967c78cd552e9a24af19
SHA1d70f54d0532329446ade324bd0c604dd0252d96a
SHA25676bc385ed634f46681bb0879a3fca945618518434a1c23356359d16eb6803039
SHA512be7edd4763c92b76da1af1edb822d39dc9a08d3cc20ef635518ad14d6072301011bcdac5fea8dbd029875e6b23ab52e2a88cd3ede86103ed568c2267ca1be5de
-
Filesize
372KB
MD5b5dd11daa4ee30a9519e588b15afecba
SHA1dd7e5e12ec3de72c62d020dacf7b7537b15eb8b8
SHA256157704e080dec3c5107d3560b71bb325e5c7b3176d74d60142a9436a9e7bf856
SHA5126c6a0c07513a66cba4db5dc805e8a7767c4ba02afbecb6e0927c0c20f4a61a0719e5761fbee4985561cbdccc8a5121a688687623e1228f97afa6722a210f55cb
-
Filesize
372KB
MD53f2a006a9c84d71df8e126a61627587d
SHA134ec4c0abcb8fc607db76f573648835fdc90c6f6
SHA25612c876a584b24851607e8c619eb0dad001d283b168caeaee70b55405b95fe6f8
SHA512235f8387f9355a6249b4d01041d97458fa24c2b781eb4f8569ba89dfb49d9ed217c90360b0f8d5f7cb962c253e8671c56a68a6d315fb6a9ffa329689fea05e5c
-
Filesize
372KB
MD56b042e37c8b1f938165023200ce5c811
SHA165a2ff3a16372609f4f54618deacf8be054a368d
SHA256e2b279572c593922d722988799cacba22702f3049355a9acf689e6b1f27b3355
SHA512d89ace3854412879844087987bebf24c4c61c9cbb7f00e9ca93a3bc8c6bfa49079edf81a69db903862336e3f7bd33f36f63872dcad4d85a3467287b82b5489f5
-
Filesize
372KB
MD57a334ed163000a0baa727aeba039142e
SHA1f25bb61297a75c06a779651236d8bd92d8628395
SHA256a82ebd6cb6451c4f3db86a991bbb6750c85d085280550bbd31126a0bbe395a4e
SHA512f9a385fc319ab88ab89af2596477fea51d85536ae2f297be70abc9cc872bc6c4d7b26515897e27af1034ea6c0cd1bc446af2abf710f6598b1e5e8dbe6b050606
-
Filesize
372KB
MD58eebb6403733278cc5483552d6cdb3a1
SHA14f5eb304bfe16f228d0274b759adeda2d0d2388c
SHA256417403fd47fe78ac1346219c506b2853aabedd119befd3441df220166a96e687
SHA512a1b217b4c184d30e30376a2899308fd4f9c0d4c8f77e925a65e1fff69a7d444b9298869bc75452f476a4c93d08bbdb5a4a05774f1466046a3bae091ea9efc15b
-
Filesize
372KB
MD51fde243bf0982865038b7a752aa0543f
SHA1c6dff3adb969ce7e9702e747bd7f64d3c875256b
SHA256b9e39dd0b905fba56bbb76f8894c16b621d648cb1cdbff4f49b17ad6778d8c51
SHA512e2177e64f5d3dd9cf79802460c88256803a8c664791d473d94ce0cba518553718ff1c4c51dffbf0d7d42969f6e6fb4b286b24b7c4248b1c4226109d5631e441a