Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
05/03/2024, 12:55
General
-
Target
2024-03-05_c0cc9f2a196d6040261cd5a1d955ae58_goldeneye.exe
-
Size
180KB
-
MD5
c0cc9f2a196d6040261cd5a1d955ae58
-
SHA1
d684214c89e431e91fcccd0c9a77ba49eb24fdb6
-
SHA256
e61f010f2f8e4e654ad1cd06ccffa17eedde75f3e5e0344fc4b6d632b0632516
-
SHA512
a4785dd04a67ec0115a1c4b050849b6cfb2611110087729c578a9b409014af1cc034d0b3e4990b6058b4a3a33c9e6796c805baa06f0765a1e0135427d7ef65c2
-
SSDEEP
3072:jEGh0oNlfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGrl5eKcAEc
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-05_c0cc9f2a196d6040261cd5a1d955ae58_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-05_c0cc9f2a196d6040261cd5a1d955ae58_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F7D1056A-243A-4b1f-9F9B-B02FD6955093}.exeC:\Windows\{F7D1056A-243A-4b1f-9F9B-B02FD6955093}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BAFD21EA-F276-4836-85AD-838A50EE3540}.exeC:\Windows\{BAFD21EA-F276-4836-85AD-838A50EE3540}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A82761BF-00AC-4af3-94CA-CC7B8EFDB6F3}.exeC:\Windows\{A82761BF-00AC-4af3-94CA-CC7B8EFDB6F3}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0DB18C36-A6B3-4fc2-AEE9-FB41080520B5}.exeC:\Windows\{0DB18C36-A6B3-4fc2-AEE9-FB41080520B5}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AACD546C-7E30-4e01-AA27-23057F304DAB}.exeC:\Windows\{AACD546C-7E30-4e01-AA27-23057F304DAB}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0D5EA78F-1A87-4655-82DE-BF52447F3FA6}.exeC:\Windows\{0D5EA78F-1A87-4655-82DE-BF52447F3FA6}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{319A7A73-0F88-49e2-9139-5C580692A6AC}.exeC:\Windows\{319A7A73-0F88-49e2-9139-5C580692A6AC}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{59E6D0A0-35AF-4a7e-95C5-4993ED5A5400}.exeC:\Windows\{59E6D0A0-35AF-4a7e-95C5-4993ED5A5400}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{B7CF915F-EB1E-4993-8BD0-A9DD8546C399}.exeC:\Windows\{B7CF915F-EB1E-4993-8BD0-A9DD8546C399}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{57452709-6F71-42a2-AB7E-20C83C20802B}.exeC:\Windows\{57452709-6F71-42a2-AB7E-20C83C20802B}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{A344103D-986D-4276-8C10-E8283E7AD0B7}.exeC:\Windows\{A344103D-986D-4276-8C10-E8283E7AD0B7}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{07E11A93-0C32-4791-A05F-711872A2C76E}.exeC:\Windows\{07E11A93-0C32-4791-A05F-711872A2C76E}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A3441~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{57452~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B7CF9~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{59E6D~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{319A7~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0D5EA~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AACD5~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0DB18~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A8276~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BAFD2~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F7D10~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD580273bfc335f8e5555eccaeadd853bef
SHA19ee8c1f85d8eb5e8c6607c5a1fd99bb3c5780b85
SHA256df591bd68c5f75e3ec33f564947df2cf36eb0479348f1b4f5c74cf724a1e7453
SHA51208b5f00eb8aba20a734dc310b089fea0de97e32a80418c70fa17d1e31b7fc9d952d40a3113d5b1de7d4910aaeb099a4404eb6835e303415914c6e2b7b9d2b2d1
-
Filesize
180KB
MD593c38c3636f888bec355ac2b7599b78a
SHA1aaaa4be8b155a2bb41d445d53cb0ccd5a2018cc2
SHA2565706ec791c6d1ea57be129de0119f2838c4617d147bfd6e25562ce1d4e3d4933
SHA5121f9822d130c4686927084907e79013769a727362713ac93f07494eda9ceae63d01bf3ccfe45c0ed9995b510cca4bf850790d83b22d8a293f4abfe69908b7df60
-
Filesize
180KB
MD5b7f5bb922e3f93c4783dc07cc7326ba6
SHA1a14f0dd33555c4b405bc77fec231c306f6e0c1e8
SHA256534f0673e0a1135e723a2e9442f5f0fe7a1b6233e5a4f03cc27fe65dc57d6025
SHA512bedd52b79c7919e501841a6c75746d795666b195b604f715cda26fa510523d99a34edf49a6bbc6f4faae383a0fe0caa2b0a2f6e6cac80b66c6b387313a3e1cbc
-
Filesize
180KB
MD585d43bc1e7e0af6c6931125f134baf6a
SHA181631d891e798223c79c1a8e1a1715df8a82e150
SHA2563de818398c29b17af2755d8470e09faf3234e97bf60f1f7f56e15cbd6199e2b8
SHA512616fa26095ad33eff0cc04502d6def5c2001856af8a62b0a1f32605a26dbcccb859afd8ca35089ef2eb354a263fda1ac6e54c1c77425b7cac17b1359170fd546
-
Filesize
180KB
MD58dbb44136fb50fd2febb730e5572d536
SHA16cb56401b3ec585c273f36438ce0026d1e8780ad
SHA256b72a34dd969c2023c1970862701b557aa9467f4b94548dba9afac5020e9402da
SHA512ec9408e128a430e7a9977f025c14c7361d9662b6755502ec2d7e91b1181dce7f8a8ef8f80ac7c922fbcc906d3bbbb53c54af2196b033cb761ae6ea00ac227040
-
Filesize
180KB
MD5c9f8e3f52abd937c321aae27c7a5722d
SHA1d37f4b8c00e1fc2182e9e46c2602038774bb4f15
SHA2566cc72dad352ee241bf19816e329129d32abd9a6b4697396579651e5532837f9a
SHA51215c4f9f1b4609847bc5cd9e4a0af6e8359ab567168c26ac748eb52b656040e9bec9f21f49ed7d09d8f42cd5cc054711d59ea4d5b7e7a3b888e9c986bbdaeb08d
-
Filesize
180KB
MD5183ea92e27b2f2d5a143b0a00b9c2bc8
SHA12af8176737f782a8ef7f262002e2b766583224eb
SHA256fb737b3142b0610ce3e3307d2716de5bf5c4e11db8bed6cd44d1020366705fbc
SHA512b4754c18f824574aec415e22853e9916b34cf8a5b6c457a811e7460add92506e2d8620b2b62266539a1229531d5723c217f878eed1c02c465f7ab656bde30e0b
-
Filesize
180KB
MD5fdf68479c888adcc8e481520790ec6a7
SHA1f8efb98cc3100cb736a57d06a1672d861ea593c5
SHA2569f4dabd2839395d10969a5a982f85a46594af57b711e4c4a3848761cd2708cfa
SHA5120a5f80a9f15fae0fca7862385e8be24c23ac4aa848bb885363e3c722c243115ed5f4f7d454ee222a17abff7242bd8cdb7fc977cdc0bff035ba4b82ae89687b79
-
Filesize
180KB
MD533cf5ab2078d3063798b1c10419ca7cd
SHA1069b9f41209005bff8963f76a29e2435d59911fd
SHA2569b200bbfd07ad8f3bb17109b5e5596ef1e1ad87db37eef05e4c98c3d2f14a2af
SHA512e2962b1e755d1d9bbbb3997ab9b4a3bb9c6eb977a1aff50a813d2216c67ecb103821a13072b15e51230e076e7440efe5555f4b1ba36c93c5793c65ddacb8a8ef
-
Filesize
180KB
MD50dafbf621ba1ec8704752c609656f136
SHA16df09b59372f78a96360d23d1a238ea3688a962e
SHA2568ed1f70cdf700c468d1835f7becc8482d71a99c0e31db745cb42582373e02401
SHA5127f76c4688631c02c8a66d6e948e7a7c939157d7a11607bde3c9b3899a4a45537ee228ee7f33974ee693b4b05b14cb087cd8aa17b14ae6632a3750f3ed549bc4f
-
Filesize
180KB
MD5fea8182d2b786e403869d3e2825f3415
SHA13a072166489c9a0a6c51f00edde36f52d274f6fe
SHA2560aade81fb78a5022bd460376f3fc3a57ed6c7fd5e1519e1cfc8d6b4799d542bb
SHA512ae8fb17ec1126f8d01a7adaa271ceb6389cbc50166c18a0df31216e2be09ad970cb0b4f35fc6c2b0aed6bf0959e97383cac17bf0638e9e3da1862d212e6072e6
-
Filesize
180KB
MD5fbc407a24d08fa24c27920917e44fe58
SHA1c1b020d7e373afd288bb59ce4feb2f7fae39948b
SHA256bcccd13c1422c0f2daa6f9dac3a5139901123d8b6568cf1da5e35d90484389b6
SHA512528c8ee2fe0594483ebf5dde8624667504c3f0e25beabaff60a375cce9db51ba747398f20ee21e58fc0bee45825b674610c975bb017cbb1d2605475712e4eef1