Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
21/02/2024, 11:40
General
-
Target
2024-02-21_9bf351853b70dc260a5baac08d6fbaeb_goldeneye.exe
-
Size
372KB
-
MD5
9bf351853b70dc260a5baac08d6fbaeb
-
SHA1
77430875bf961ab9e1f0c81892476b2164df5287
-
SHA256
66ef52467495a8042844dccfdaefabb7d3c690c3f29b3ec29a2c292ed766e874
-
SHA512
d56c700b6424a44b49ec7dad44dfef639c89a6ffc828b2cf9e214ea43184997cdd3a826ad4045b0ceae4deacd1cb8180c6b9441a04800b80d090c41a17f0ed52
-
SSDEEP
3072:CEGh0oVmlJOiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBE:CEGKl/Oe2MUVg3vTeKcAEciTBqr3
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-21_9bf351853b70dc260a5baac08d6fbaeb_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-21_9bf351853b70dc260a5baac08d6fbaeb_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{425541C1-9EF5-4255-B9F2-6CE883301DD7}.exeC:\Windows\{425541C1-9EF5-4255-B9F2-6CE883301DD7}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B9C6A167-84AE-474d-BB75-3B187F077B45}.exeC:\Windows\{B9C6A167-84AE-474d-BB75-3B187F077B45}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B9C6A~1.EXE > nul4⤵
-
-
C:\Windows\{C79B1FA6-F16F-4d0b-B450-CAE5466474B4}.exeC:\Windows\{C79B1FA6-F16F-4d0b-B450-CAE5466474B4}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C79B1~1.EXE > nul5⤵
-
-
C:\Windows\{D570C405-6C64-460e-8CBB-942F4FEB1160}.exeC:\Windows\{D570C405-6C64-460e-8CBB-942F4FEB1160}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8F1DD5C4-D9D1-4cf7-A3BD-F0AA46E2C481}.exeC:\Windows\{8F1DD5C4-D9D1-4cf7-A3BD-F0AA46E2C481}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1D4CEA67-C585-471f-B20B-FDFCA095565E}.exeC:\Windows\{1D4CEA67-C585-471f-B20B-FDFCA095565E}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A985B6F0-6C62-468b-B404-82AFF2B84F40}.exeC:\Windows\{A985B6F0-6C62-468b-B404-82AFF2B84F40}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{01EF3918-450E-4047-ABCE-DB27EDCAF86C}.exeC:\Windows\{01EF3918-450E-4047-ABCE-DB27EDCAF86C}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{BC1288EE-A221-43a8-8D26-9036C0A599EC}.exeC:\Windows\{BC1288EE-A221-43a8-8D26-9036C0A599EC}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{8A901F5A-5792-4afe-864A-600136B373F5}.exeC:\Windows\{8A901F5A-5792-4afe-864A-600136B373F5}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{8370D4B6-909B-4b46-BF05-B29BA00795CB}.exeC:\Windows\{8370D4B6-909B-4b46-BF05-B29BA00795CB}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8A901~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BC128~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{01EF3~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A985B~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1D4CE~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8F1DD~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D570C~1.EXE > nul6⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{42554~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
372KB
MD5fc0d9486c544779920bec4cd7b7be1a4
SHA163b1e0f3e308798cde18809302b0595dc5563fcd
SHA256c73b4e80bb3364ddf4ab1db880332e3063d3c77615167994a98a339ef22ec507
SHA51218469bffbd77fac412354f86bb082831a631ff5f308f4a60e8232784f059dd8dea04f22e3166c466ffe74aa6c609bafb8108719853912eb9d726c0ba8d89896c
-
Filesize
372KB
MD5948e9236eded84f89e31b8a7d587b0d0
SHA1be67ab4058097f12b1ac6deaadc198cdfae8853d
SHA256e680dbbd707c3166ce85ccdbf68c7aaa4ed645e0ce2086406228ff153397565e
SHA51264dc6a0465795b4cbbf5be55efdaafeaef0ae2a7a6e38d62fd26b6c2da7be690ddff044d68da357f26abe3500ff6ad767ac9b8a826714a6175b294265834e2dc
-
Filesize
372KB
MD5e47311f408bb0e0a2144de4062f3bc6b
SHA16aae75c767e159969ca51ac6fe33f4029d4dc84b
SHA25689dde51d70c0e01b94137f72df7929bdbcedc6b20c9bd758737d34d5ceacbff9
SHA51266dddd131dac9239b95cf3bd8c905f797ec285e2596591fb7d007b28080e1f09f041444016801c12dd3fd42c52c796fa69d01ef11aec97eed899b47e0191f4a2
-
Filesize
372KB
MD5e6eb09ed25ac11c5cdfa6540ab28cb3a
SHA1b8293d32d14fd6e392cba4904b454c0eb13fe264
SHA256e872fdf5faa428d267c22b387d4b703e1684b91aaa05db43fbfd30cd2823ce5a
SHA512bef9ee80df9639b767410dd596fbb6773411e00dc701fc7724016bbc5272224ce280f60e16da3312243ad041e427f6522603ee8c7087d60e32968213a5882d93
-
Filesize
372KB
MD5b8c091f2e66c9398798591a7194fd9bd
SHA159dd76b2d116cfcdcb98627b6dce034ab94d53ac
SHA2566100d5fd0036a77a595f22d8cc62af587902b79f7754d4413161af6ba527edcf
SHA5123341eca4721bd49840b32d391126d2b593d30d0ee7e5e4dbcccf5094be727ad44133398359355c20c903e2eab31a707c526fd329613b1f1536cdf637787fb932
-
Filesize
372KB
MD57aafbe49fdcf29117533fb0d2bec8261
SHA1ead379075f30e085d903c9bf003cfacc74fe65da
SHA256c3192b9d825e7e463769cb1e180433abb225d17efa6bef7f8474614ed547512e
SHA512debd525b0330ce404fc3230432c49dca093dc481556f0c84286519d8f2427195effe47db13d09f7ac4ff6ff6ea3188ce84b717cff319226ad094180f5d29989c
-
Filesize
372KB
MD5c8b421142c9928012f236c0c83dbba42
SHA158a298d6718ee372d3303fb25e120de738a1e700
SHA2569833adf5a8c868cbd399b983100c4239cd86c5284be383d2f992cca2e030b4ad
SHA512ec1ab8cdeda63aa71f082ca3203d64238abc4f5693a3d5382e9fb1edcdd4c8fc6ac121f31940b911cc3b7311c8264c69a48e2c1eabb039b2b2fb1bae67483b05
-
Filesize
372KB
MD50e9912bf6af7f6fe1f6dee5d4b48a53f
SHA1b203efe5b332ebdb732e17c4fdad9109ddd4905e
SHA2562604d3623d0203e0730c520ba106e0c881f81c3df55a17e28b414f4a6941c6ef
SHA512309193d897c7786f53ceaa88bdfe1621a5f707cd79913cca401e1a67bd6970fba56499d6ae5066478e634bc94e3e3c59ad3821dc8d86f1d9029681327c5a410f
-
Filesize
372KB
MD5d0d33229b85de58b75b028a537f7be12
SHA1db3300d39a561a33b8b98926e4223c01fe897252
SHA256826bc9e0ebac231e591d08db6d2f7df7acc2a6fc7449466313c20d21b0c3b8b7
SHA512d34394e92d35417f1d83a38decd1bf7522e2430407a72388a58a2f61628eec70465bf2a04f9d904abf945b297cdeb09c57dfb92775bd010193e49e0f11ef1574
-
Filesize
372KB
MD54f4d89f289dfec95f20cafb9fd89ba0e
SHA19a3737283cb6c6290a40d7d13057679c84e2719b
SHA2568a152465225f92f0c538c0bc3200c64ba71fa296a864f62147b8fce768c0ff2f
SHA512c202b5291b945b12b7acd6a4a0ff8d115f054541c2153eddd06f0b1fc015749d1bd21ae0032a2c5453dd54300a241c2a32c13bf8dd49005027bee73466ad27e8
-
Filesize
372KB
MD58898083c164d38f0aa357f3246ef57d1
SHA13a1cf580ebddd7f809a43420365df3eabbb27c11
SHA256cbcba6b21417c1eb4af78c7ac925d20e6065260d042f000f91db44769c646585
SHA512e263c0bc81e812b30cc846c1f3048a813a24027e12947807df57d90963beed647b5bd026f9fd0788b56da872f83f3be64b450cb7a6ad364fd2f300b49b5fdf58