Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
05/03/2024, 15:29
General
-
Target
2024-03-05_3c13dc8b646f1fe4bf9b086392d4d324_goldeneye.exe
-
Size
204KB
-
MD5
3c13dc8b646f1fe4bf9b086392d4d324
-
SHA1
85a2ed26fa101805fc0d679cbf116ef296ca6677
-
SHA256
3d7d81a6e1593bfc2d2ab1dcfb97161bd49b37ce03a97346d85858e27b4c79ce
-
SHA512
026b40edfbdc465f789fa70ead8eae20514143d001a21cd9576ecb6112f5bac4c881e66511123fa53200e46e7bc6539e5565068302437acaa7c9a69e2ef6a6a2
-
SSDEEP
1536:1EGh0oSl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0oSl1OPOe2MUVg3Ve+rXfMUy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-05_3c13dc8b646f1fe4bf9b086392d4d324_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-05_3c13dc8b646f1fe4bf9b086392d4d324_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9103C984-3480-49be-8054-AD643196F327}.exeC:\Windows\{9103C984-3480-49be-8054-AD643196F327}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{429AFFE1-B539-4995-903E-E86211A06C4D}.exeC:\Windows\{429AFFE1-B539-4995-903E-E86211A06C4D}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8D688D61-2597-41c5-AC94-6E960CA56B10}.exeC:\Windows\{8D688D61-2597-41c5-AC94-6E960CA56B10}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C056DAE6-F2D3-4d76-80FA-3355310275C2}.exeC:\Windows\{C056DAE6-F2D3-4d76-80FA-3355310275C2}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{07ED5C8A-8CF2-46e9-917E-C46A24CE336F}.exeC:\Windows\{07ED5C8A-8CF2-46e9-917E-C46A24CE336F}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{418BCCCA-6B3F-4d80-8129-C29633F883C4}.exeC:\Windows\{418BCCCA-6B3F-4d80-8129-C29633F883C4}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AACC0107-AE01-4163-B8A1-5F6E31473DE3}.exeC:\Windows\{AACC0107-AE01-4163-B8A1-5F6E31473DE3}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DCBA1D9D-5687-47ab-AF62-BD1B661DE699}.exeC:\Windows\{DCBA1D9D-5687-47ab-AF62-BD1B661DE699}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{30B2D26E-2A49-423d-A171-E1769D07D856}.exeC:\Windows\{30B2D26E-2A49-423d-A171-E1769D07D856}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{F50CCB99-BA20-4816-909C-319B8893C75D}.exeC:\Windows\{F50CCB99-BA20-4816-909C-319B8893C75D}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{E90FFC79-6E00-4a0a-B0E2-7B6C9151ABDE}.exeC:\Windows\{E90FFC79-6E00-4a0a-B0E2-7B6C9151ABDE}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F50CC~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{30B2D~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DCBA1~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AACC0~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{418BC~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{07ED5~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C056D~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8D688~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{429AF~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9103C~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
204KB
MD536c45f0392751eb4ec29517b7b5c10db
SHA103262382bdfc6ab565b21465b51149b4cbdfbd01
SHA25607c046c95828fd1dc12bd9b9705997b7cab9fd9d4faf9e121a4279c0260bda60
SHA51200d07647e6c63b32c86e7d02dd247d01c0cad5fcfe8d0a286f48d9849d536f1c480ff63168502354d0508f795ed29267b7e1797e23fe4b294fb5a0db362eb42d
-
Filesize
204KB
MD53f375a4d70635fd9dbb5154205e4954d
SHA1e9aa3e4fabf3b41f47ef305310c8cde48f2be578
SHA256be48ee7b8289ec7c30d1e6f6e0f6a8e68ca327de12a42b1bcaeb42ca3760e189
SHA5126e6b1f4c33c772d77379454393930d131311b7ea46c288f769dca416292397eab067e687f3e771c318d8ceaa071a28cc00a5310d342b558d392578bf70ad78ca
-
Filesize
204KB
MD5f179a95b09bd6842583235832da35eb8
SHA149ea6ef4f37e670aeb1bd08767b98de80e138f49
SHA2568eb9e913c9fbd946c2b27b02eb118366cf8a510eab7ce1a3dbf696000ec826d4
SHA5127aab43a26a5704a5b8861bcd1d7c7439fa216a8c26f1bf5dc70ccd1818c164bffa9af18c37d51cb27e322cd7bcc8085195503c24d1ad5e56320790e7c9f51e95
-
Filesize
204KB
MD5bbdbaa17f2bce443d43a5976b39e3934
SHA1fd0fb55b400c59ae2d7082f3794c259ea810ae71
SHA256765234c202e550c500752f065f0fadc0bdd13cff53560e761a554d74f6f9d457
SHA5123fb0733fb9cd368cad9f79cc0df7dec9ac4f85d157a0c949af6ff94489a28901a2cc35429443c64fb24a312154e0d151a651ffe941c75540a01b1c15ab0e5cb4
-
Filesize
204KB
MD5563870bd32180f6eeb0cf0b3cab0e8a7
SHA18c09365d741e0d8cbfba3b2f1ca33491fca155e4
SHA2561eef743bbb3b7f4d668e4ca6c7ae1b8925d8cec9f16d2e3e11b9a560b01ed8d4
SHA51299a4f94e262f7416170a68d95079c66d28dc74802fe03f1f3d46306f09b7dfe0b53fca4376ac173b561007e06a9e53f2b9256cdd64290e8655fdb5ce0cf96ffa
-
Filesize
204KB
MD5f163531f2e097bdeda4b04af8b17783a
SHA13921c2c0713d91e1577423cbd9b3ca17c1412ee7
SHA256ad9d98f1ea9eada77624cd28ce92d687534340678e0f05d297c593b98385c552
SHA512d8eefbaa935c50ae1b42b08514e82012c1131e0ae63d070c8d536cc6590fe8957cc92aff66d77591cc777646dceda1f750055869483592a47c0fde31298e0227
-
Filesize
204KB
MD563ad00fb964b41cda72f47f3aa48876f
SHA170e46f273895af14f334b3b4467edccaf10e6e66
SHA256accbdac13c39217cbe37a200f74224c73d5a3a5dcc0e49ba43553f9394678ce6
SHA512ca736dbcbddfbacd86338832a20a87025b3a4739a4207b9d177b9f235deee890268f78856a0d73b6197a09e4d4627da9fa862647d748827e9a145b985b0968cf
-
Filesize
204KB
MD5479a149a7c38d63fe2f2dfb36a038387
SHA109945254c9cd841526ae75a44c3fc73da1fe153f
SHA256fef7dfd53176cff10db0811a6282b8be48e8b244c6abb28ce7bd0101e199ea66
SHA5124d9725c1725e2f57aaf310872c526bba0f4c8663e12d94499d3776d0a6ac2236a29d5f74fc21462df22f82e34d5e6bc833a3608d6b1c12beff941b628a1e80d4
-
Filesize
204KB
MD5e4415561a3fcec2227b1f72a7e5fa239
SHA14d3fa087912c0bc94915f830b56f41fb6d3f805a
SHA2560f08e180fa5f64f8e2aa2e50efce1f1fb041af694dae10693df96eee83f742b5
SHA5124fb6641e5b32f3af3f9214d3a7cd24cc3d85e2925fc12d6a52f71b99ef7ff5aa643731444d011bbbfa43815013c430c7a4e4b1306f02521b6ff490ecfa189f07
-
Filesize
204KB
MD5503fd2573e97ea4d381a6d90e287d812
SHA1a233d6f239bff1f3c0040bec142a990c63a2861c
SHA2562611b927d5e727f18cc7d5465b201c5b11415922d2162e8c4c90df3160a5ec2b
SHA5128b2168bdcb00593be804a4bf7a84994a797959ce8d32ace2f0e22d1fb4e465e30ee111d24e8f5797e43372402de6713a455000741be2a25542ede7d2aef5e8c0
-
Filesize
204KB
MD5d79fce785d23bfb70ff0711f38259ea7
SHA1b89827d5dce9b641aed8dbddedc6f57b8f44f82f
SHA256a365f395900313b369146a10ad3a3252afaae4c1294c224593ec84992aa87c9c
SHA512ebfdf30cb4aa23c6439f785ae226faf2434012da4b478f9ba8a821108e65b1f8a2ffe14ee7eb2dc211be02814e5517e7f4f28539fa024c4e15ad4f1dd58174de