Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
11/03/2024, 15:56
General
-
Target
2024-03-11_c8bc285f35c91a77248b8e72a55ba361_goldeneye.exe
-
Size
197KB
-
MD5
c8bc285f35c91a77248b8e72a55ba361
-
SHA1
4e44a595d70904f3df0437975dd69e3f1c56cd7a
-
SHA256
57da17059273f69b9642810026b1c49842841238341c3e946ed1cb03b3d88d3d
-
SHA512
73b4b9de9aa7bde9f7b0841cb35ec536ada22c77db8da54d8be18fb3f314d2fed6a0aaa42ee0d3235a28e31b3ba17b35b8d0274e3bc6cd86cde254fa794763c7
-
SSDEEP
3072:jEGh0oCl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEG8lEeKcAEca
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-11_c8bc285f35c91a77248b8e72a55ba361_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-11_c8bc285f35c91a77248b8e72a55ba361_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BCFAD357-426A-4059-A89A-4C96F79A52EA}.exeC:\Windows\{BCFAD357-426A-4059-A89A-4C96F79A52EA}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AA5A75A9-F2C0-464c-93C1-1AB7B3A1E0EA}.exeC:\Windows\{AA5A75A9-F2C0-464c-93C1-1AB7B3A1E0EA}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7E5E965E-78EF-4cd3-97C3-C14253E9D498}.exeC:\Windows\{7E5E965E-78EF-4cd3-97C3-C14253E9D498}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A04311F5-AF3A-4cc5-91DE-6B99A454BB5F}.exeC:\Windows\{A04311F5-AF3A-4cc5-91DE-6B99A454BB5F}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D53A1E50-FC30-48fc-834B-756D0B0224A4}.exeC:\Windows\{D53A1E50-FC30-48fc-834B-756D0B0224A4}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{768921EE-70B9-4835-B116-1696529CD686}.exeC:\Windows\{768921EE-70B9-4835-B116-1696529CD686}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8F35DE2C-50D0-4f98-ABB9-926A58E2C29A}.exeC:\Windows\{8F35DE2C-50D0-4f98-ABB9-926A58E2C29A}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{83A85805-C249-469a-AAC5-AD6BCB0C7188}.exeC:\Windows\{83A85805-C249-469a-AAC5-AD6BCB0C7188}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{D5C0FC00-DFB4-48bb-B35F-A2E83FE04930}.exeC:\Windows\{D5C0FC00-DFB4-48bb-B35F-A2E83FE04930}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{CC75FDA1-7569-4f19-8E21-F8EACD127D64}.exeC:\Windows\{CC75FDA1-7569-4f19-8E21-F8EACD127D64}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{CBA88E53-133E-4d66-9191-BF47A5B1A577}.exeC:\Windows\{CBA88E53-133E-4d66-9191-BF47A5B1A577}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CC75F~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D5C0F~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{83A85~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8F35D~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{76892~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D53A1~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A0431~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7E5E9~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AA5A7~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BCFAD~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
197KB
MD543a44f1f97a11781f0c9df5dd610f62c
SHA1ed395637fb53d1b0ce8c70d63dd8901b6a3fc05a
SHA256b09590e7844b3ae2462cb7d138367a823e9ff6528e60ca0ebe099a03fc5781b7
SHA512e0e33de6b016dd788ce0089f061107e2d3b92d7817386ca04d0fb09c59c20788a81792e59c7375ef3b57d2273e6a52508d4b1cb3bb46dde4163b1685cc5fe70d
-
Filesize
197KB
MD5ae55e18c27486383d83a2bb05c5b41a0
SHA1b292289bcdb59b077befddb6f91b41e297d8aa0b
SHA256101b4fd41d3c53b63a1b7c2ace690982f969bcca5638a0ffee68ffcf71e0adae
SHA5128571215acd8a85847fb4e7fcff90b418745b11417dbb3fe4238a65140c25a66ffdb1d0474bf9e5b04ac1a87be42e6a93ac70e07ab6a589dc10a9707e051683fd
-
Filesize
197KB
MD5182eee6b86d5d55a2afe2c34c86bc65a
SHA185de16525a94e7cf1b835eefa4c3c02e75e95be2
SHA2563f84550fd3aa086be7405864babd82cf8cda7db2a0e82810436e8d231a3b6f79
SHA512a4772ff98d253c67020fd0d763ef9026316802ea6762bfa0d2d3d3697c110a1c1cc79e87854c4677b809d553d3a77ef4a24ddc71109d066cf0aeb63abfbf1612
-
Filesize
197KB
MD536bc206c9ca64fd6017e98931daf80f9
SHA1eeba5b88f5398abf10bb1c8ac1122feea16613a8
SHA256181814102deda4e50e05f2eae206b2e8caeae610d865f5b3d8782664a9d3b4a5
SHA512e8b7ce13242246769bd708894f102b514834f7889a97f2e09090daa4ba619a202fc2a54c16cf653028b2f207fcc4a83bc0b76253b481b8181b24b5a3df71829d
-
Filesize
197KB
MD5c99c6a9b1cd9212a59fdca8fd0f26ee2
SHA1da5241c8daf556edfdac02f3ee2e16863c69bb6a
SHA256583939f9e34db8022113f8c3437db0efe1d96a52bbf6b07fed7a93e7996542e8
SHA512e754dc1d018add2246ac6a58a488fff608fef692eb501f2f95aaf51d000899813a5fec62e7e167d32024c94446e8998a82d0244ed62b004de77187dd18220069
-
Filesize
197KB
MD52c877a3368bb7eccf68a52f133b1218f
SHA17e6fc3d0e207051eab09b45bbf7a981e70be601e
SHA256abead263ca64a18be70d8f9b2f9403f5e1981cfed0c8c881763946cc2881fbae
SHA512cfeead2a6a90eefbe4dec0e908e51578e165ceb13219375f974b0bff74d1a153062d4dcc504ae12b24998e2c73d203669da0c036f770a34117778fb4ea85dbda
-
Filesize
197KB
MD53ed56490545ffd635d5d1972a456589c
SHA12faef27747f8868d0e36c5a0238c93688a8f3eba
SHA256466e0ecac19c7918303f3ddff9d053778a45b4cf182ac89fde65e62fe9b76902
SHA51260fad11d08e9cd82871abb90561afdee61eaf85e43d5c726ddca3a01fc617997f778f71d7ff3c8b453918f3e3415b35ce523f8b396cce884640438a9b6bbb9e7
-
Filesize
197KB
MD507351d5f15283cda6feb20a696267ba5
SHA1827f14688ca557131e36d7e1f0dd26691d0c8aa2
SHA2563845be8e592f1825295151c3be3b756cef2310ca8e70d520deadf6664b186798
SHA5128a4cf1739f7ac657b173cd8e37fa1f00e09bf1e727d06cf09c770eefce122ee951be08912724dae2bc87e56e0cf089055fa43902d432fe6ee0f638bdd555d27d
-
Filesize
197KB
MD543754e94a69da9d52d12996ac3425685
SHA1cde1f88a54353dcc68b01f57ca45b5a5a6335537
SHA256963e126dc89300504f95fe282ee326a28f845da47ca8c85d2db2193acfa60a7e
SHA512b3cc8c2db742da84494fc54525101c959a24789a387adda2024eb9fb1d0390b76b81bb492f2ff8147608c80477be8e6b2332fb2f20675324631d463d199d10e0
-
Filesize
197KB
MD590c0a6056b8a5f6dab76cddbe113954d
SHA18a5404a684fe6e85164633ba84362be46e6dc271
SHA2565b3ef08b3f120f56db3f882b9993c0da206ea61441e2dc860c867659f7b9bc9d
SHA512c03190374f3d2367984a411bf7c20b3c149291507f902110914bd0e977b328364e8a4bf66a9747307ad16ae13e320614ce28d91269808dd750918b7e309653af
-
Filesize
197KB
MD58a895687e26b1db0f6451bcad8b2717b
SHA11946280343831e5c4068be485a3afe3cf8a58c1c
SHA256e1b60421141d1f861d1f1e786e2646a192d3870dc28b9871ca2cfe16eab51ac6
SHA51227c69bd4695bf49fe2ffb1a1cd2969fbd3e8aa2d5b0119e24efb0e4c9ad868fd864d65478faaa9b49cec30d25c9704aea815b0bbf3b623cc27539415d468980e