Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
17/02/2024, 22:37
General
-
Target
2024-02-17_3bd883a76624714dee9486c354149228_goldeneye.exe
-
Size
180KB
-
MD5
3bd883a76624714dee9486c354149228
-
SHA1
327d598f506014ab15c84b2d257be584ea8f4b09
-
SHA256
05e11945edd1cd745c5772ab50288fbf34ccf696c5a3bf927e6132370d4d1c92
-
SHA512
21a086d3c5270e2ba5fd93614ad7e11c28165966292b1022f5a3b380bc3770b8418771562ee7d7501f25307f6a49c2dd30aa7f6f959d33ce2a597e205fd8c6ee
-
SSDEEP
3072:jEGh0o4lfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGal5eKcAEc
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-17_3bd883a76624714dee9486c354149228_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-17_3bd883a76624714dee9486c354149228_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1BA16515-3D77-495e-9F11-7FF14191DACA}.exeC:\Windows\{1BA16515-3D77-495e-9F11-7FF14191DACA}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8D8C1257-CF6A-4b51-9E09-9CF98188E7D1}.exeC:\Windows\{8D8C1257-CF6A-4b51-9E09-9CF98188E7D1}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F73350B1-D847-4fd6-9DC8-D346A699A4FC}.exeC:\Windows\{F73350B1-D847-4fd6-9DC8-D346A699A4FC}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CE4F3CAF-9E41-482f-AFCD-8B253CBCD4D7}.exeC:\Windows\{CE4F3CAF-9E41-482f-AFCD-8B253CBCD4D7}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9660EAFF-77F9-4131-B62E-CB2F777FF7A6}.exeC:\Windows\{9660EAFF-77F9-4131-B62E-CB2F777FF7A6}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1923DE66-0D39-45eb-BE87-611F62050DC0}.exeC:\Windows\{1923DE66-0D39-45eb-BE87-611F62050DC0}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{650AA8C5-E679-461d-B8A9-909647654941}.exeC:\Windows\{650AA8C5-E679-461d-B8A9-909647654941}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FDC902DE-355A-4102-96C2-47F20936E31F}.exeC:\Windows\{FDC902DE-355A-4102-96C2-47F20936E31F}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{7CDDE1BA-AA74-40ba-BE1F-F085327DEED3}.exeC:\Windows\{7CDDE1BA-AA74-40ba-BE1F-F085327DEED3}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{830FC602-3B50-45b9-8D3B-9043E45079E9}.exeC:\Windows\{830FC602-3B50-45b9-8D3B-9043E45079E9}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{0D0E79D9-FAAD-4941-8935-F734BCB88168}.exeC:\Windows\{0D0E79D9-FAAD-4941-8935-F734BCB88168}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{830FC~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7CDDE~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FDC90~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{650AA~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1923D~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9660E~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CE4F3~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F7335~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8D8C1~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1BA16~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD599391e409eea92feb6145e7302f387ef
SHA17034776dab42315ce753d2d035a1efb0cd60963e
SHA25638f4905ba62f88bcbb1f9cc556b4e301c22f6a980a3876669b052f0e6e093ead
SHA512bf00e15d092079a6735ce6dc88424286e4091f135025e39afb01adf1c53619d549758c1e35f883b27c54e45b407e5780061fc8a6b04437d8c37be9545e96eaa4
-
Filesize
180KB
MD5f4b8d9b1f4d547024c9076eba2114965
SHA17137218c78d0dbac87bfef47a2417ac5f99f0ccf
SHA25609565def65f9d5cd08cfa2b547ff2dcd8e4d649f97ef6483478a5c7a69c9c2fb
SHA5120d501cfe76d87888ef217c8385117e5f70210e9052966b858a954490cf14a11ed3940624cd60bbb0a3b618ae17c3277a1b222c21b92197295f1f7ca7be76c388
-
Filesize
180KB
MD5610e408b356de973796c6fe22f5876cc
SHA1c7f17241c9df403382a586bc7151347a0c399523
SHA2568778d860c90251a78c6baae7302df0c40377e5bb739e02abf1092d652613d3e1
SHA5123166291a02f109f4f18c4532b2db787f8f67d7921b63aa3dad362d93f3bbde85552b12b3939d66eee37bfd23fe36f932e6f2c3c2a1d32a19afcf834f4150ca7e
-
Filesize
180KB
MD5d0f24035a4f6ad5f4902764c80872c3f
SHA1dcfe5c1c3a9265ffe66bec21c915fd966ab6adcc
SHA2566a18a095148177471fd63f16ce1f8f801cd7adb1df38433b600d7cd3ac35fe71
SHA512311b399ec5c3ea0a34939918398b774b778200470d50080b2f112f8e88508bf65edddf203bb44049ba5f7220daa0aaaafb6ac5cf469485edbc810f008cb64113
-
Filesize
180KB
MD5ab49e32c246cb0cbec74165ee2914c45
SHA158f46c376b506369c8b95b3a7761bddbcf5a8656
SHA256d218b930cf9a21e5dac204c5308740482fc6e93f8f369b4f3362cbf78cdbbb28
SHA512cefc41af99d7e6e32077452b1b0ba7c41bf15669b277c570d738aef6598b12e509c459f47fcad99f7638c79c5cde6439aa80f3ca309ad08d3e57a7ee6f22a831
-
Filesize
180KB
MD5dae11712b2c30a16b82759c2c09b48eb
SHA14844ea557fb41dd98fe551519c27e474296b5fac
SHA256d0e0b5914f995c0b299c3a5a801a2796caf25b659cfe372b1fa5affb2c677b6b
SHA5125af389227e8195dce4e025bc1a2a0d2eb954aa61045645723ef14a0dc634d6ba7540df1034e330756ec3294159d939afe4fd1bed82b5ff7607762ffde6ccf4b2
-
Filesize
2KB
MD5a2a093be4e86e81bb30ab9b5aa8e7a79
SHA128702f726560335282b42043b7e09a6d41574ad5
SHA25685d55df484838bdf7b8fc4290b1c79135e06a6ede88978d502383e7ad185ab3c
SHA51240a346be2e22d3a7885911064fc1d806f1009d98978fa5ec960b3b96afa52195be2b9384c121af40209bc4da699d4773149bfbf9c96cb20adc8226e03977f12d
-
Filesize
180KB
MD53c90a93f3e51905b81d791d672c0728b
SHA1a237f69a79a50146e8f1a47652f411fc467c6eea
SHA25609ac3ea82f11322144f13412531760172228cf3bcfaf53a552c7fcf5d566b8b0
SHA512a8c610e592b53316859d44d3703b0efff852cd95dbb11220b0d5f7e11a5994c66323622324bd30889d89b715524ca1b509b4d71dc3d0d007c072fcd40ff53b5d
-
Filesize
180KB
MD511d260ab052827a520831b6cca18feb6
SHA1f11cbf6c8ab7b7790db30377261a22dbf5fb1cd3
SHA256762acb960b775fac056bf94bab3ee26d507c8e8c6052278c6d3367f0e226a18e
SHA5126b7527b59351d8130d814581b90a64d4946f5fb59c2b53e086334896003758cdf880e32b1e45f8c1db628b9e5d01caedb590b21a15d97214c11af990977a56bb
-
Filesize
180KB
MD57c6e75b2372fe8fdf644eeb582d3fc6a
SHA16aaf699e60156188dfd656ef88ca3836b4f7c067
SHA2563873606dd422ed7336e24de24405d30fb48c0d80a25c4f18434c2f1d75b7339f
SHA51211a1b690f5565923b5555e9b3e583fb839e064c3e873211bec68a0e78765af0b8f77eae062be83e42242e6424fe523e49b8908840e7d916c8915452ca870e8d4
-
Filesize
180KB
MD54b1017715a2959342b8caca8ab280e39
SHA1e689107bb2f5181bea61819776e12edcc74224e5
SHA2563dc4617b935838a516b62741f9e790c55fa58826ccb74a7e78e1643bed06ebe0
SHA5121f1dfb221914d1848acb8873d0af65d3aadd455f6d51c4e8e281e22ba8e37cb66696fa8ec0ec25d158266745a9daca82e13723773fafe87c45d464cadb0b3640
-
Filesize
180KB
MD557b15bb900389f6b2ef2089bb7e19ccc
SHA14690920620a7a43b202ee3d25d8cf625840eba1b
SHA256f1d6739f3ded657fbb42ad4863a3e0a7d4e86d4b2a16c7a391cec9af71c091b3
SHA512c8b5653451c381d6f0989d10776866e8a1d1bf438ecfe5a5261c8f38bc2b2642e3140174d755f46b3ef8ffc782af335eacabe98431ce27fa7a8a833acbaec938