Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
28/02/2024, 10:56
General
-
Target
2024-02-28_ee8677e786d37814a7200bf9e430c69e_goldeneye.exe
-
Size
380KB
-
MD5
ee8677e786d37814a7200bf9e430c69e
-
SHA1
cfc28d1d0223cb0d18ead6b421645828509c7783
-
SHA256
1783e0325fca91b73a56961d301bcbd451ab0392613d54e0393fd0f3b3fd1d00
-
SHA512
692e41c25005a3d11705506708581881d1b87aefcdbd83adba254bd7754ef31c282ea71265617a70f19f0c30f35f746e9b3a1479405ad8aaff2cb2e3beb8bba3
-
SSDEEP
3072:mEGh0oHlPOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGw:mEGxl7Oe2MUVg3v2IneKcAEcARy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-28_ee8677e786d37814a7200bf9e430c69e_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-28_ee8677e786d37814a7200bf9e430c69e_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B310FD26-44EE-425b-AFB6-198CAEFB295D}.exeC:\Windows\{B310FD26-44EE-425b-AFB6-198CAEFB295D}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{22BBA863-7BF7-429c-B128-4F7211F047D4}.exeC:\Windows\{22BBA863-7BF7-429c-B128-4F7211F047D4}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{11A8A1EF-E2DE-4d31-ACB3-48F9C9609BD6}.exeC:\Windows\{11A8A1EF-E2DE-4d31-ACB3-48F9C9609BD6}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{11A8A~1.EXE > nul5⤵
-
-
C:\Windows\{363EDD10-D92F-4cfe-B069-73FA60301682}.exeC:\Windows\{363EDD10-D92F-4cfe-B069-73FA60301682}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4A856996-7780-48cd-BEF1-0AD68F964028}.exeC:\Windows\{4A856996-7780-48cd-BEF1-0AD68F964028}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C8EF5A5E-A8A4-4623-B789-7762CE61586C}.exeC:\Windows\{C8EF5A5E-A8A4-4623-B789-7762CE61586C}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{571CD5C1-71C7-41b2-A793-8D52FD909DDF}.exeC:\Windows\{571CD5C1-71C7-41b2-A793-8D52FD909DDF}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{199F2F83-BDD6-4014-9DFF-F604A457E096}.exeC:\Windows\{199F2F83-BDD6-4014-9DFF-F604A457E096}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{73906558-53C7-4d92-8D07-DECF7B947CAD}.exeC:\Windows\{73906558-53C7-4d92-8D07-DECF7B947CAD}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{73906~1.EXE > nul11⤵
-
-
C:\Windows\{0D62699D-D54B-4900-AB28-471E50427F85}.exeC:\Windows\{0D62699D-D54B-4900-AB28-471E50427F85}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0D626~1.EXE > nul12⤵
-
-
C:\Windows\{591E26C1-089B-4b88-9486-C05DB45E7EA2}.exeC:\Windows\{591E26C1-089B-4b88-9486-C05DB45E7EA2}.exe12⤵
- Executes dropped EXE
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{199F2~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{571CD~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C8EF5~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4A856~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{363ED~1.EXE > nul6⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{22BBA~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B310F~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
380KB
MD5ff71b7d8c85ca5b1f10d250a675994fe
SHA1608488c3d3df333ce92452d535790a5c020defee
SHA256c94249976ecc4fd8c0418f5d185674bff94b48fd096bf815fc56406c033f97eb
SHA512a4becb32857d1f975594d71ba4acce2de28dc81113b07545e133f54542f44219e8aeffe6385d0448ba75b00d7f8c792a4a9bc4ebef84021874618041f98d24d4
-
Filesize
380KB
MD5e8364b81f976f12621f19444abd63489
SHA19830effad5aed7e64cfbfcae88ba9a5204a292db
SHA256fd191b4152a15f500dc98edba4533b5917eacce6db591ce3d6ef52a0b9b3c7e8
SHA5121d572661e3eb714bda16f457a9a02ab57acddcd2c764ec52764f2c35a4e2d2a288afa1bff8c0419f748d71d56d5147a10fad056216d75586f65f0b6fee95782d
-
Filesize
380KB
MD5605cda075997d2542487c0df367f57ea
SHA12648fdaa7e404fa953db37b1f8cd1da0e08346cc
SHA25681580a24d4f858a0cd0ae68f790a84e87e7c988659e4b430d24c9d9e12a46331
SHA51211de754429c79fc6081521af52982a5453956f41c4e6c9e0ec2b1dd175e12298138eec14d4410553c8c0523268fa131438d184ef9a214f8fa31719fedf418eed
-
Filesize
380KB
MD53aa5160c4a35464b0f3bd71500b6e72a
SHA1deef75834236bc6f2076ea825e569ac7cbed804f
SHA2562652aabcf751620caca80f0a133007776318e1c0297f96ec601a7f290b6393f0
SHA5124d3ca667cee7167530675a9d4a754a392ac4bbd80ec76d660a453b26247a80fd199aa35aba87f5e46ade605f3f72e6ec5aa00605c2ae0d08461da4c57fdc0671
-
Filesize
380KB
MD5555c96ea448a4f5875d374f4ba6e42df
SHA1583c0a83e0bebaf652a09542a10ae2ec5b673275
SHA256dada6a41956f7893fee5e8ea674fce1795e3dbea747818f1b741c673fbddad1c
SHA512e29b034784322a2c0425f912d3db852ab90d1352c90fcdd55eba73275559a2c5016f22a6e6865a3380b69a7708effe6261a5a6d2bc83c750805a5ee673ebd0ee
-
Filesize
380KB
MD5e510979070abc9fe70d62f2d7a6e25d8
SHA1a7418ad3f18ec97e732238ba14f443132126c2c2
SHA256ef886049b9c3dcb2120e207e9fdd0c8281b99059d01eb02f49decb70f1d933f0
SHA5127933bc13736f2d0ea335fec130e3761a8b845baa434c807618e4e1049594dea337dfdd3ad2a5b974d50457f6221f38b5135d6cb440c49f173eaface4033f7edb
-
Filesize
380KB
MD54ec6cb57961f893c763756a1a0f20221
SHA1cd7a4d72a6b3cf9e20794b2eb91fbe87dd3b687c
SHA256a5c17d3b3af561bf66ee3265398d0f9e1fe8050b34583456109512da59676eea
SHA512a9ab4393b1c4912a873c0d28b7ad9beaedd773754a8dafe66b1d50012e1fb24b01cf523e38428ec9b2578c5d57b8c77b73f8f101d651cca2ec84faa3d1af17c9
-
Filesize
380KB
MD5b110ee77958b2c2875f90d64f65871b9
SHA18fabe36553ac4b6f68e62d6503cff48113ff0ee6
SHA2561c75c921467071cf18db000144167ed991f1fc7265d62ea1f48e55d5312a3429
SHA51252393636462e9edcfc708482db8d0563c876b3a6111595cbdec89767b35717f44f90f29fd8038c30e100c72e8dea498c584ca8e9d50ae32a620880ac8ac0fda9
-
Filesize
380KB
MD51a8e1eb42ebacc14fc58cf32ad03ad64
SHA1aa2505e95e6c88a4d9710b87bbcd04ed6b15e828
SHA256493a1a64092a6bb026435c9b8e9151ca0c18aff88f0e3cd7c5a8972bd6aed2bb
SHA5121ec3a74520aabf7ccc20f295d5225d341174e215eb726446f0d20abddfeed235e713d7b88b55b43369e112b5d79988fafd5a3d9d27a5ab2c6deafaf6bb63ff37
-
Filesize
380KB
MD58f86cb2312686015689d3e62c48a9709
SHA162334252542d9d3f0cd40099463080d83688ab4d
SHA2566317fb54a10352d2d7c0864e9a217bbcd7efc2de4fff7cc9102f425a7ee4e1b3
SHA512622b6a39e7fd9fe4292a717d74f8fab6c7f8b1152b8b8221cc7a7f87cec1a7c068e12056a97d550c4722a516fe93dca333cec552075f44b800810444fc1521bc
-
Filesize
380KB
MD5f7245539ae7ac212f355d85a8c8df7ed
SHA11123d37a87431ee71ffb4a4809d2e08ddef29e81
SHA2560c3a53efa518f522e0d7001dcc4a882212fc38cc7cf92798a94086a5250926ef
SHA512106b653ac4e288d1f206fa1c3f46031f0b31f51d1ecb7cff57f1d2e1e75a85637052c5829706a12e93ef8272c69fce04ef2a5ff0c491b1101335380dd5473375