Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
17/02/2024, 18:23
General
-
Target
2024-02-17_053d3d9d73dae942303cda04014f3964_goldeneye.exe
-
Size
408KB
-
MD5
053d3d9d73dae942303cda04014f3964
-
SHA1
7a7baebf8bf3a86ced5757d0fd7f6efee1cd8b81
-
SHA256
17cf783625db848bec7b69db30ca23548dce74daccd29a12bf3baa2337155f92
-
SHA512
9023babb8cec16ee2c31a760c12d452c6a9acdaeaf961914f2c59694b608e89c5df56ca5ce41d7b5bcc87aa29ae94c96dee86bd7aa9df7f47506348f17b5df40
-
SSDEEP
3072:CEGh0o+l3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBft:CEGwldOe2MUVg3vTeKcAEciTBqr3jy9
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-17_053d3d9d73dae942303cda04014f3964_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-17_053d3d9d73dae942303cda04014f3964_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1408BCC1-70CC-49a8-9146-26EFD0D3D665}.exeC:\Windows\{1408BCC1-70CC-49a8-9146-26EFD0D3D665}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BC92B290-23CB-4868-9933-05C28008C85E}.exeC:\Windows\{BC92B290-23CB-4868-9933-05C28008C85E}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BC92B~1.EXE > nul4⤵
-
-
C:\Windows\{A2A29034-33C1-45e7-9E68-C1CC970D024A}.exeC:\Windows\{A2A29034-33C1-45e7-9E68-C1CC970D024A}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{31B9B660-F1B6-4175-A9F5-A647D182253B}.exeC:\Windows\{31B9B660-F1B6-4175-A9F5-A647D182253B}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{31B9B~1.EXE > nul6⤵
-
-
C:\Windows\{382C038D-DB5C-4d87-A255-8CADACBF1889}.exeC:\Windows\{382C038D-DB5C-4d87-A255-8CADACBF1889}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{56987DCF-C21F-4de7-B260-E9EEC1427F09}.exeC:\Windows\{56987DCF-C21F-4de7-B260-E9EEC1427F09}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{56987~1.EXE > nul8⤵
-
-
C:\Windows\{FD38AFF0-9014-4715-BB79-BC3F63145F4A}.exeC:\Windows\{FD38AFF0-9014-4715-BB79-BC3F63145F4A}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7E13A3E5-B3C5-4c11-B7E4-C6B85C74C336}.exeC:\Windows\{7E13A3E5-B3C5-4c11-B7E4-C6B85C74C336}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{2CCB7199-E444-4e4c-AEE1-6FFFF46C28BB}.exeC:\Windows\{2CCB7199-E444-4e4c-AEE1-6FFFF46C28BB}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{D648832A-1E6D-40b8-9E43-468C2E510EB1}.exeC:\Windows\{D648832A-1E6D-40b8-9E43-468C2E510EB1}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D6488~1.EXE > nul12⤵
-
-
C:\Windows\{D5C7224D-D8A5-41ac-A13B-CA640C358A4E}.exeC:\Windows\{D5C7224D-D8A5-41ac-A13B-CA640C358A4E}.exe12⤵
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2CCB7~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7E13A~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FD38A~1.EXE > nul9⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{382C0~1.EXE > nul7⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A2A29~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1408B~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD5520a74474540745ff3d79b7b12661a5f
SHA147262779b04b04e4fa48a5cc5874afedd804423c
SHA25692cd1b9f05252ce9389770d1a5e7a604185f4fbd15ff973af39ec56261e7306c
SHA5124a0cb87977f8ddbb619b1f6ada5447c358212178ab813cd68c2c5bf24c45de00c2b29a0c09b291a7e922d841b96e069d6e7a929e3b54f3e6f7998c324e226838
-
Filesize
408KB
MD54cb724e7cf57b66a372a8c48dbc6e9ef
SHA12f7d1ca1da41f94ee28e92999dfc9ae2c40e4fb7
SHA2566687440f566c9a5f772bb86cb2e6e7d5a5c4cf39c30610dec684ef06e5d24dc7
SHA5125147720b6c1434905e8d5883d349080dc784a03eae9092468c60dbc5f94386988832bad610bde0c251fbe519ef2b2927029bef6deb95a0c5975598fe79d1d23f
-
Filesize
408KB
MD571a52d407fbb05de4c302ea9e389f201
SHA14ad6bab1cec79af970e31b111934d085d9b99b5c
SHA256facf48118074b684c6507f9d3423e15ea2c56d7a3f89cba7611ffc634e435372
SHA512520082b233091e9f9cdf60b4e894157a540a8555ab7f9e78464a73a75edf581d7a90603e9260502e7ad946eff7a170891aae7368788eac6dc84771a9305b546f
-
Filesize
408KB
MD576c23f0d3d2a5c5abcf708b2c430e874
SHA1c378fe14bf52565373b42f7331b346564f2f7217
SHA256155dada94b563411ed1b91af716ef19548c001ffa24e7db9021fc717f5c8a38e
SHA5123e37f34fc10de4ec6b236140702b66c5e9946ad3f0ff320dc22862ed10a8f8e461bd9ea2ec02c758fe79513b5e91a4990c5c2059e2ed8888a6b28729c6992384
-
Filesize
408KB
MD5c4454217815ff8b45ea29e481aa3b260
SHA1ccc4629e6285b333469c5285eedfc3ba23d381d0
SHA256942f655303988c670ff3c7e423122fcb4a477f67b8c9a491af5d89abc88cfbcf
SHA512020ae9e47b4b1cee1d161e8d0a94a3678e4f56f1d85711bf9f943ddba80864d05d7d0b6a156e27b8821284aacbd176928724ba513b082e50f5a9fd0baffc433d
-
Filesize
408KB
MD5203fea38989ce326c5da97b4f3706d38
SHA1c82e0457279308bcce71f22e8c412989c8b77ec8
SHA25603c66a0f4e6483488ecbfbf169b4209e407b94ec917bf30e202c9a455cf6cc03
SHA5123fa3824b4ff406d7a0a06e719d41c91982125cde9c2de9fe97469a44ceb2bd63f8011dec42a8e54b044e47a56135d611757b96717f9b4ae5659fc983b7edc874
-
Filesize
408KB
MD56bc4178e811130552f66e9a6664ae357
SHA15fb38888e70d08578796bb211a0d3ef3b25582f3
SHA256373a45172247e09a399221e16756fbbb6908cf6233df57968511fb9ae490d40e
SHA512f7ad9e4866e36d2fb53aed32272c4235150afd2db4f169fba4ad4b81f386ee4e76faa3eee686369c2c2697397db6bfcbb8ad6669c401c21332776ac7cb414e0d
-
Filesize
408KB
MD5af636a14812ee597452a79f1b9be4cd1
SHA1893c90f6c0bc64e87b851bf0251571ad51f1ed40
SHA2564b348de0ff9337265b1b8642b2b59abe447e6285bbdfec951eef12a9a3e8fdb0
SHA5127d383f744b4a93bdc8fed0d8a8439bb7cec81df30aaaa3c0d1f903a4cb2b15229f772fdf65d188b4efaf9dadf683509e92456db0c1a525ee0f80f46e0e0977af
-
Filesize
408KB
MD5f918c505b2d00c959f7500bec2bda0bb
SHA1e2dff84d10a00fb3e22713e96034548d1f1167e9
SHA25624fc251048b036701c18cdb70459cceb0395ca866026e56074eb8f7fd4e18c55
SHA512e058f1e3be26054edcd5590fc9f3f242e24090b000f7e479d55f72b3709ad376b6e12583d44f6fdacbe0b729fbd1849c4baa569390f60d9ffab5260f7a98c7f5
-
Filesize
408KB
MD52f0baa1fc8be1de851d746f3b38bd6a5
SHA11ef715db755e559fe3a3db9fe70f0f52c2e91116
SHA2568143b2ee2d02c5a58a4c35133003516d83afcb1af46c76226d9c539ba776a541
SHA512aac499892fdf3d64de775846ff844fb3ce7fdd68ebe65a52ee2e1ac4a97cde56b0cd905f464900b1447d5dcae884363e64b398f0f51d588349eadf120971af74
-
Filesize
408KB
MD5be8ad13c3662e739faf943fa1ae00616
SHA10a76094e1dcfd25c43bcc83d50c1ab18cc23184d
SHA2568e8fae73a9cf038f3d41dcccc9dc30ccf2b8d543d2f0bbecd6365ab67a0a8f10
SHA512064fbb910732f7fccd352e7d6c3c4555440b7e1e1e9ba14944ec2f7137639f20d51e32d924260910e2e8943d543615768dda1cac2ec7d68cc30512a28a5cca82