Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
22/02/2024, 22:37
General
-
Target
2024-02-22_9d2c783cb14279201d52177459fe9b69_goldeneye.exe
-
Size
344KB
-
MD5
9d2c783cb14279201d52177459fe9b69
-
SHA1
343287523da81b036d0c67e144532dbe6e7b29e4
-
SHA256
4ebf7ebf8d69d2f4f266f12424424acc8e876b6f0cc5697137f205a0e9aae6fc
-
SHA512
3a4f09184b9bb8746d01216d38f41d3d3f5bd912eb18d43913daa8d5fb8a5c8b9bb18731224f9d8d32d546083e2fafe5fedb39286fc574a3f76363dd9235d355
-
SSDEEP
3072:mEGh0oBlEOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGL:mEGflqOe2MUVg3v2IneKcAEcA
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-22_9d2c783cb14279201d52177459fe9b69_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-22_9d2c783cb14279201d52177459fe9b69_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{74AFE3DB-BEAE-4207-A19E-4A6715422655}.exeC:\Windows\{74AFE3DB-BEAE-4207-A19E-4A6715422655}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{74AFE~1.EXE > nul3⤵
-
-
C:\Windows\{8A9F3D4C-F9C8-4bfc-859C-3556D3A806EA}.exeC:\Windows\{8A9F3D4C-F9C8-4bfc-859C-3556D3A806EA}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F3CF346A-2539-40f5-8782-C944F40E3354}.exeC:\Windows\{F3CF346A-2539-40f5-8782-C944F40E3354}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F3CF3~1.EXE > nul5⤵
-
-
C:\Windows\{14A14FC4-0568-42c9-9664-05134641DAC0}.exeC:\Windows\{14A14FC4-0568-42c9-9664-05134641DAC0}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{14A14~1.EXE > nul6⤵
-
-
C:\Windows\{B6EED883-0E00-4eb6-95FA-96DA3B70956E}.exeC:\Windows\{B6EED883-0E00-4eb6-95FA-96DA3B70956E}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B6EED~1.EXE > nul7⤵
-
-
C:\Windows\{BB648876-F3C8-4711-87CC-0E288C1EE1F3}.exeC:\Windows\{BB648876-F3C8-4711-87CC-0E288C1EE1F3}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BB648~1.EXE > nul8⤵
-
-
C:\Windows\{FD1C7A62-7957-400e-85AF-E72237BEB66F}.exeC:\Windows\{FD1C7A62-7957-400e-85AF-E72237BEB66F}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7501F292-EFAC-4bb7-BD11-4A590CD289C2}.exeC:\Windows\{7501F292-EFAC-4bb7-BD11-4A590CD289C2}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7501F~1.EXE > nul10⤵
-
-
C:\Windows\{37078090-3677-4ac6-B901-A119067EA396}.exeC:\Windows\{37078090-3677-4ac6-B901-A119067EA396}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{37078~1.EXE > nul11⤵
-
-
C:\Windows\{ADA0ADA3-61AC-4074-84A5-4EBDC4AD83B9}.exeC:\Windows\{ADA0ADA3-61AC-4074-84A5-4EBDC4AD83B9}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{ADA0A~1.EXE > nul12⤵
-
-
C:\Windows\{FCE6B716-5AF3-41f7-B542-F6E649577A9F}.exeC:\Windows\{FCE6B716-5AF3-41f7-B542-F6E649577A9F}.exe12⤵
- Executes dropped EXE
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FD1C7~1.EXE > nul9⤵
-
-
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8A9F3~1.EXE > nul4⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344KB
MD574189b3d1a51ca47d21fb89c86542ef9
SHA10c882c9e509af0d6371d2954d9f53da73a01bf25
SHA256a9bdb60ac9fc524d63c8a0624619b5420c781adc1243cc65c32cb2c3ea9edfda
SHA5126364358b0acb7632c3081a528d34a28a9538c70e1338eb1b28a63f7c54fa749f0c9adcaa4f250da8841cd599e7026bb5120be8190a5397660da92a1a0afb2b85
-
Filesize
344KB
MD5ad9d50835312313d9922aab67b2c626d
SHA1d5c0f9d23d6722a001429b56194822c7c6ac85e2
SHA256b41a3991f95fb9c11d56b8cd74b5a3fa1d0005e0e9ddf0d288338d8af6564170
SHA5125427e89c5ac5b68e6871a6a998c8e47c8a44fc032220cd2af1da3b2c76b77765c3cdf1cd6f9e5c205d65d067df7a5ca414508ec5d3fa7ec63eea59f9f60b7612
-
Filesize
344KB
MD509a2ee257b77db907909f6fe664acf99
SHA1acbb8b00136e18d5daaacbd0e8a24d01de10b729
SHA2567a040bf8c970708715407ab576965ebd37dcd9418fd3d82203ddec687faeb00e
SHA51299f9feb75568784f721d8e341696768acd4234e2e9e62835098236dd2e6fee367df35d8f45cc7d2d3deb9a998f92db002be794163cbd0d5dd136062798def5ba
-
Filesize
344KB
MD5aba0917e5947d6b9a39145fbbb9465ff
SHA197b8a237cf2a1861ebb7711f6f59b6ac6a961ad6
SHA256e361f0e8700833c1159efb7381ff8d9e6d90afe1e2b2d91ec4202d5e9ba2e134
SHA5128e26e72b763d5b3bde982bf58f8345b2e9e2cea38602c71bdac0371ee837331c4a48664d630c4f94b79447bb38078bc4465ae37316648fab7d25abd6f8d36a3d
-
Filesize
344KB
MD525942a20e279a185b5b9ca5218bf338a
SHA1fa06253543431400d231cb3212cd1afe0b6798ff
SHA256e7e5e8fa089069d376151172cc0746d483cca32046e498c609d5a622a34680a9
SHA512c626dd26c0817d0c74084eed7d80cb3e2d47e74dd740c200e283ce71f8ec2763291b08fd652718d4c7f5f1b564d4bd3b8016ec2e533b70f5e8521fb13d3e0646
-
Filesize
344KB
MD525227b3a5e42a2d675d1d4b9a41f6723
SHA13602b9f1aee845378f0c148f6e6a720a3ae2057a
SHA256f8371584ddfcb7b1819fa39ce5dd96027366dc1a8fa0d6e801ecc21fd7b97688
SHA5127e5d7bb088ca0e72f85aa0b819494ac3f9ef8c3f099e00a3daf57c1c2b3b4229d7654ffa8c1f47f4961ff71e453a6f9daad4cc7697ccaf10d29c1490fdb08d5e
-
Filesize
344KB
MD56b6f6bf137fb43fc03d9aae8188a3755
SHA1908eb3bf49edec20247f335c7b87326a7e2385fe
SHA25661237280bd59daaeac3384456123a155c4c9b3164d7bb9c64387ed0f97ec102f
SHA5123967604cf3df0d50e369a154cbdfd453450d67520d80103ac3fb7888f7910c3b502132c70b70f66c166857c0f35b4d55a365c40a267e1b3ecbcc1be2e428e5bb
-
Filesize
344KB
MD50f6de5f7e2e6055e8e020416b3e61fa9
SHA1e1ead32db1f57c304c89726b24be4ea9ad2ed73a
SHA2562e37ac7c5684e73361f01abc8845b072210925f1cc918cf195769aec6df4890c
SHA512ed7ecc6b163c2ca8cc9b0007f0574bd6adbbb7ceadc59085d075ed43e3531bd0582ef59114cbe8151324a82c74b94b32322ae922b42c39a2f2004ccceb5b9f32
-
Filesize
344KB
MD5d1205637706594620f0f06d7d8cfc295
SHA18233be266bcaa2442da13920dc3464b486c9fc15
SHA25677eeaa482e403475ac61710a98cf333fbf607b061644fd07636b51dd8d0098e2
SHA512bc928f824f8bc64662dbe12d9284897b5daebd68739bbb3c680d5551318c723d8960935cbfc17d9bc778cca8405e6a8839063d15f746b25b1bc487ee6c1bc75f
-
Filesize
344KB
MD5dbbf1ab7c71544cb4140e9458f102c3b
SHA129d44fbb58165dcab61cb85340f610435b1a4926
SHA25635de9b12a29db0c38d5c119f38365a6a0a8496c6a290bdff40eafd1d84b0d5ae
SHA512f547d5983b755895f038e2521a12899ff9aaa2cecce96629db8df3287beb58054e414e6ce2660860349a1b801e55fe315f2cb59bbdf42bf24f21c6a0e2e41220
-
Filesize
344KB
MD52d3e9c5ba017c3c57c01d9afdfabe6b6
SHA1c9b75dfd91ba782861f7cfa53cbaf99c2d12e6f6
SHA256b9f773120685b204ea87e52a778ec7d0afb36cc7cbdef55e840563b06932b2c5
SHA512592b865763ac62902c4614035ad2dde5ef41b6c925d3641ac7312064c8db5618f5fd174607066f942083c5b8ea6ad694d59f3ea548906437b7f69ab17302a1ed