Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
05/03/2024, 20:22
General
-
Target
2024-03-05_35ce086511f910175549a32949c56ac3_goldeneye.exe
-
Size
344KB
-
MD5
35ce086511f910175549a32949c56ac3
-
SHA1
08571b7d3b1a4198a19edbe6c49804bad2bf519f
-
SHA256
d349ee6d0de9f06fe8699b90f7ad82a93ade497bd3fc52642009b7b7877afca3
-
SHA512
fa5c22cb0a57130bae13b001abe29d766eae90ee6b37bd7176db2106b5f1f4a8c05875cdd4c678e53a2b6fb359c9d700cc3a3e38706d467700c2ad94db87327d
-
SSDEEP
3072:mEGh0ohlEOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGL:mEG3lqOe2MUVg3v2IneKcAEcA
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-05_35ce086511f910175549a32949c56ac3_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-05_35ce086511f910175549a32949c56ac3_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C77A0D03-B233-4bd7-A21A-E793B907E6B7}.exeC:\Windows\{C77A0D03-B233-4bd7-A21A-E793B907E6B7}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1225BA81-5AE0-407a-85B3-849D06DF6129}.exeC:\Windows\{1225BA81-5AE0-407a-85B3-849D06DF6129}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A815FE34-3F25-4ac4-929C-E7F932849CF6}.exeC:\Windows\{A815FE34-3F25-4ac4-929C-E7F932849CF6}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{10807375-3A6C-4a17-9A4D-47181453AD6D}.exeC:\Windows\{10807375-3A6C-4a17-9A4D-47181453AD6D}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{399269C1-0CA5-453c-ABBC-1340BAE220DD}.exeC:\Windows\{399269C1-0CA5-453c-ABBC-1340BAE220DD}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B347992B-1A86-47a1-9B32-95F0C4A3A292}.exeC:\Windows\{B347992B-1A86-47a1-9B32-95F0C4A3A292}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C4765D83-D959-4899-BC5A-D0AEE23DCC2D}.exeC:\Windows\{C4765D83-D959-4899-BC5A-D0AEE23DCC2D}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{94D8C7A6-F1F0-49e9-8542-F6BB9F8EEC84}.exeC:\Windows\{94D8C7A6-F1F0-49e9-8542-F6BB9F8EEC84}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{66767326-23F2-4c6a-90A7-5EF79CF88895}.exeC:\Windows\{66767326-23F2-4c6a-90A7-5EF79CF88895}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{1977EA8F-D4EF-4b1b-A03F-32FB1AB3CCE2}.exeC:\Windows\{1977EA8F-D4EF-4b1b-A03F-32FB1AB3CCE2}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{E8223649-C884-4e39-ADD1-7E8802EF0167}.exeC:\Windows\{E8223649-C884-4e39-ADD1-7E8802EF0167}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1977E~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{66767~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{94D8C~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C4765~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B3479~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{39926~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{10807~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A815F~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1225B~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C77A0~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344KB
MD5251e2e77a6f210d36cc8ec5ff07c68d1
SHA14bd43de89d99817821aaebb05dee71b5e897942b
SHA2565f273609935ba897b0c652903f6d3ca73e540aac52be4cb6fbead404e8db98da
SHA5129251024f9a72c500d294b45bc83dfba498fdeb792e6652b60e79e42c0e16e3f5d395c397d06ca1736ddab08803cc1ff7e3fb4234fb01248ad83ebac85ba4f500
-
Filesize
344KB
MD513247329d9b2117ebefdd8b461577b5f
SHA1e1a62ddd4e8009e932c6518f709907d7457e7600
SHA256c4f43b241ad6c5968b0492d51b74c75c2168db1417c706f8207a085172d4c6e4
SHA51211dd5d1744607dcf600520ba14dc75492b7567e9e82865b94a9da6d9deea08b517266eba93c92b5f5e045878f3e4939198f237c6c04a2edd04d95d4040d51810
-
Filesize
344KB
MD5eb0760843e298bfaf75f3eff85e4988a
SHA14ff50a5901451273b8ff27bb8ade069793f1ae57
SHA25601a06a373bc7782c89166dca017de1ea02136e48cccb6f12206331a4eba3bdb3
SHA51263a784831611884fdb14556f63ecadbeab7199223e0acfbe65ce7f93997871ef521475a11f76e0937fdf5f7204009a88dbac9a42aeb74ae3c67c37b9059c8cd2
-
Filesize
344KB
MD520ac19c381d85dab540333d6184c2d29
SHA194f440a48876d9c09c6b1093a66feaf262067bba
SHA25613aa9df2508d0523633cb67483b1f65ec982b2cf86bd4c351015e695333e2797
SHA512d0ac3d21869e9f18063e1f9a5e661b52223226182eb81cb7ec41639a627089da0d4d2a34c4d178e86e2ff62e264b9561f502399cc85fb8904b6be483bd1b5a3f
-
Filesize
344KB
MD51d624f3483a032f5ccb2058586b2957b
SHA1d10a3e627def171de887d739025336d0c7339de3
SHA2568504e33c74daba5e9f708d36c0d162a3d0b62b464915b2a1d03f9f76d58ad38b
SHA5128e675da076d47cd33c5df4cec576421fcdfc720ef905244f56f48fd48a202bf7984d8488b3a7548545a518fca024d4d349858a6eb0e32d0984f9c3f06fd1867a
-
Filesize
344KB
MD590a8a19a5f2a27d9f5f8ba52ab3064cd
SHA1aff0e41874af798784b42ba42ba457bc3ccad4d7
SHA256415fa774c4a240da088a9d074458187c148164b8ae98f06a3fa78bad66b4374e
SHA512f318f94360ad987dcc1168254700f6b9ebcf3d365a856dd28191c1bd13a4ca37562a496ca654384997036dd0726bd1c8c9b4cfddf4b22b99a52c9810fdffaf19
-
Filesize
344KB
MD5c001d10be9e23164a777e25b79bebb14
SHA10078ccb2073552cc2945ad1047c6b19384621053
SHA2564289abe9e5f9142ad2741d2eb131f07b56e86fcb2f9e8b933b670d4b1e6745ad
SHA5128500f7cffef0da45e92b75e7f569232372c3983c583534eb0c97efa607b124c115e041ec6367b87ff2bfa73a09cff88833056fcb2260934ba365836ad481bd80
-
Filesize
344KB
MD57f7965f7d0aa250c48ea6824a3905ff7
SHA133e2fda6fc2998da7e11a71b7aab8b2ecbed8ba9
SHA2565822a8aee7f5e93b11b43cfc4337e322398b53b1a96a9fc15325ecc93196c6b3
SHA5125ec1585b8b4da2ab35093f12ccaa4925b87e03e4a4d4719d8e16cdf598abb3b5e6cb512eb998b8eb8d0877c6f89e8d3dd03509d86c2b93d68826c0875f96e776
-
Filesize
344KB
MD59b2b7e5e5263869a5d2f6cf3a87c1402
SHA1fef77f64769a88bb44a494c14938e339fff22b4a
SHA25689d8cd4ce028cb4ccbb73ea3b09ea620a8319b13213af15a0246084b54f88e1c
SHA51284aa1704a3d1c067189680b275323d839a7b14415ffc339aa4e6a8eb0f06fb04aa53d0cd60b2627a9fd750e0aa982d47a545b2a381dee21f96fd1e36404ba638
-
Filesize
344KB
MD5486d29662df7a2aa83c6843fcce3ccb2
SHA10fc8118f42053c14843a208d65112db2165116f7
SHA25677243d9a5cf48ace6227545fce1ba735a2468bdf4adaf632762cd9ce45aab0fc
SHA512cd81d071ce2e770c34eff8f080e7c48884a59ad94fc4522c759c89cb4e42954da7429bce40551206ee2e995cb39847bffa076617c8a82eccae37277a2d20d897
-
Filesize
230KB
MD5cfc538cdcd67db5a22aa2125cad0f63c
SHA1cfacaa581725f8863965f687f459765b5da1ebd7
SHA2561584147160fc9abe405e1049d8caa2127a5307d93540dc9ff5a754d8145f39d9
SHA51269ee5434cf63745986577b8d52d6b1ec68f1ae5a78760abc1a76cd593241c2c8f9db953653f1d8e49eef32896357b67cb42d619f70e20b2dcebb57565ea16fe5
-
Filesize
344KB
MD58f8572283767ca9c56f2f9b0337d40a6
SHA10a0cbdc437c599eddb6dc7906d1e7dbe0973fb2b
SHA25623d141b66e012da5363c6fb8c6eecdb18906d025e675d58c3ed5d75ac2b5d5d4
SHA512349692ec31b88d614a6c2b19ebc59362fa636d4609a8229448647c5c104450b25739ea980d877b9577d0ac55a9d4bd7b023f3fcd1f04e73e12781321e549e606