Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
06/03/2024, 05:29
General
-
Target
2024-03-06_1192bb5f2954b454eee6b0997f14f14e_goldeneye.exe
-
Size
216KB
-
MD5
1192bb5f2954b454eee6b0997f14f14e
-
SHA1
20e60a0cb9f42e7a451ed7165b20464e3278e8aa
-
SHA256
a3413ebe071d4c0b594fd321976c8caba4e1b93b86173bf069fda108305d0ded
-
SHA512
0876ac9a970e19fb87b9123a5272c0c122368e17c251765a213c05ae6b617c7e90511ea00ca72fe14ef125837d3fa9d0d199a20d2681cb40b82d99878a459a24
-
SSDEEP
3072:jEGh0oIl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGWlEeKcAEcGy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-06_1192bb5f2954b454eee6b0997f14f14e_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-06_1192bb5f2954b454eee6b0997f14f14e_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{540BDF60-4C84-48dc-A112-72A2163322AE}.exeC:\Windows\{540BDF60-4C84-48dc-A112-72A2163322AE}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6BB3F229-4761-44b0-8B1B-8F4B9754B685}.exeC:\Windows\{6BB3F229-4761-44b0-8B1B-8F4B9754B685}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9BDADA1F-7FD5-4c69-835B-5A6B2F4B6DF9}.exeC:\Windows\{9BDADA1F-7FD5-4c69-835B-5A6B2F4B6DF9}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4E5EF979-ADFC-4300-8646-74751667D1B4}.exeC:\Windows\{4E5EF979-ADFC-4300-8646-74751667D1B4}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AB54D5F1-911E-4a18-88D4-DA92F1B6D5C8}.exeC:\Windows\{AB54D5F1-911E-4a18-88D4-DA92F1B6D5C8}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8E6D0F43-BA7D-486a-8D8E-C0519B20A405}.exeC:\Windows\{8E6D0F43-BA7D-486a-8D8E-C0519B20A405}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{12AB3D37-1BD2-433b-A0C9-E49A49D89168}.exeC:\Windows\{12AB3D37-1BD2-433b-A0C9-E49A49D89168}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{79A64940-0D94-4387-B64E-466C19340F11}.exeC:\Windows\{79A64940-0D94-4387-B64E-466C19340F11}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{639FD65D-5FDD-42de-ABA4-51FB5D05A7FC}.exeC:\Windows\{639FD65D-5FDD-42de-ABA4-51FB5D05A7FC}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{D2E4A12D-F64E-42bb-A99C-D6D26901E16B}.exeC:\Windows\{D2E4A12D-F64E-42bb-A99C-D6D26901E16B}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{0B4F89D4-0701-4757-B67E-C2350747DC3D}.exeC:\Windows\{0B4F89D4-0701-4757-B67E-C2350747DC3D}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{49120BE8-A9B7-48ac-A721-280D79C97D84}.exeC:\Windows\{49120BE8-A9B7-48ac-A721-280D79C97D84}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0B4F8~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D2E4A~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{639FD~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{79A64~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{12AB3~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8E6D0~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AB54D~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4E5EF~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9BDAD~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6BB3F~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{540BD~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD5d32d5d1da8df8913a66701364a92cdcf
SHA119c7321e02ce77757a67e4c070e28b39104369ad
SHA2565745bc167c6573a9b86e9447571925bb39711ef989a61b3436f6fb72f0b22dfc
SHA5121c4fd95e782304be401dce09810128df27909c29d899b2bd79c521ca600dfafba65546da9811f8be11ea1fb3e3f8cb3d310f3c3b01f884f5cf835f2da8ec550c
-
Filesize
216KB
MD5d5846a9f72f7011b9098b90c0b40acc4
SHA1491b87e065e4d08f5be4ef97fd698ceb014aefef
SHA256f7b077a1850b7ed8bb3c34db936f02ce1003d96d8bcb9840a39d924424b6bef7
SHA512e0f0dd6a62a8f1d2c6254e0a07f677f4307fedfc5c7c2054d927f09cb5ad1376450ca4f2a7f0eca6e457da153bf837cb0a6048b993b1d5387914469ef0d4affa
-
Filesize
128KB
MD5f206437babc05f3495645f2605b48f1b
SHA1a613f55fbab4cf51b7d7a3407bcc0ca0d7135935
SHA256ed895d9695a7777b6f57a488f65c9482c2c08e9173fec5fc172ef484a1e96ba3
SHA512189a07c6d7aa25132d150dde7f821ab6eb2780e0886cbda2cab29fa4f7c908cc7a849b354b2698bff65190df168c57c3f0dd87d06917fee8ac984801cd03df72
-
Filesize
216KB
MD5caff2dc8f8bb071f491cd52243c96748
SHA187cf63ba3b0e40ad992f17bf5684053d18e7865c
SHA256d03596f83de425bf398eceae498cdc2cdd02dbd769dddee35ed3f7d1a999bc8b
SHA5125c1319cef675a17ea091acc153da6ec50aed7ada7ad42015cd634b9c14ad1b3448f55420e9753a7586c84eee5e9718b566bd180c8ce2c9a6ab8c1db2ddf3e377
-
Filesize
216KB
MD5176c8a82d86c412949eead297e74698c
SHA133675a6ef8d655847a9297807259a833dfdefb53
SHA2568f32ea3f85c3f441185c88b91ff1bcac5a7722b72661c04295976154146f56dd
SHA512700167fa8a06881d6db9bee52551554846149a408064a4a3d7aebd7b2607aab071a18154a80878ec0bef9a746b5ab686fd6948c01041c724814791bee07e7ded
-
Filesize
216KB
MD5631faef3386f8e35b901aacc0a158eca
SHA1a127b020d9d7f8d9b6f8888ded8b1911836799c7
SHA256ca1d3c5d0290b652931cd56ce279ceac8445fcbb8ba62ffd6b49a1a9a293ea1b
SHA512688675e9f192bba2e67aff0b652952429aec90f555e03f2a2a614ab7b43ad8d07d6b3879b675dd08fc54fec37276b6f7547636b788fae68380e1c2d20ef1c017
-
Filesize
216KB
MD5d04d24fbcf90aacf9c123a151c5dc0f9
SHA14cc0e6ce61d491b289472fcf580dc4548e631480
SHA256090bfffe5b7e89e158a86c15fea4e1db34dd8093413d8f93269ccdb3475e593f
SHA512952a8a6f7efe06e04b0e745768f6bcf8e968a63147b66dcdf2faefad703b7d8c20a0ad2ed774ebc3a61b61f240d08d3cad51e63574e7017e20b4add76bb7da10
-
Filesize
216KB
MD54d6452605e8f3ac3e0cf1d73c60ef719
SHA182c001106b29287481bb154a2d0585413999dd2b
SHA256d307819c64925af7a22db3b99438f7e59dfb7151b4f87842f83d9170039f89c3
SHA5122b9cea5f9ea89867632cdd65b2034effc98c71f7ddb1e034b8c92b55f0aa4c5430f1bbedf3fa01f6c9185bbeac3e65fcf0fcf1fb5e9a950c51a8e8c7e440df07
-
Filesize
216KB
MD55ccd5ac73c1859727427124d7d627ebc
SHA14c90cba5a0683057e69568aa33325122419ed16e
SHA256937fff88c86ef487478ee7f725e926e66b7c9b1167f88f8275028bba083f4977
SHA51297a075e9063258bcb378bdb5888ce451a5731ab4b6eff906ef404b382fb5576ed984edb13c2104a0ddf0e0eb8999fc00336a2d5a95b3cfa3d6f5bbd87e8a1321
-
Filesize
216KB
MD53c1388f02aa6b9006928154392632936
SHA1422b2224fd4a8cc645e808c05192349f913e9431
SHA256ef087d057f88fefb99464095afb43a02d1431ab121831d956bab8510bf939d17
SHA512da03ba9f3f14b088a5fc55163bb5f243d4901ddaf327fe8d06477c90afa0ab9be2de31274df4c6021122adbee32cda17d7dedeeb1cf2b1cc3c4834122bb2452a
-
Filesize
216KB
MD5c29e0fb25ed1ab7d6d4a07952ecce75e
SHA1d6a71fd59a8ef45f737d91a788ab5905eb9ce7be
SHA2561cd58a9c769482132daf8baab4a7d9af5ee8f47bca435c5e723b55c37baa494b
SHA51295ff60da4e0deb54c844d37937ab57d9f74eea0d22aba6399b63be30e87c435a15752b9bbbe3ad2b2637177fdee59657a2eba4b4a5490a7b7a6ea8ae7a15259d
-
Filesize
216KB
MD55e4512331ab137c209c4b356d36848aa
SHA14eda04b2ccd9f71ceceead4e50798d67f2a980b0
SHA256a542927dc22431cd11b70141db8ee977b21489525ca68ad64c0a1c7457e4e3ef
SHA512a526c7d30ee5e7477691966971d6f23d50fb14e9c8b1ce91839b9996470b8e59a2a9b0304e285c7e8c9d81984564544bccc1b0cf15866211c8656e0e50def3f3