Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
12/03/2024, 00:29
General
-
Target
2024-03-12_5327744f8cf9fcb5e8fc5b92e06fd90e_goldeneye.exe
-
Size
204KB
-
MD5
5327744f8cf9fcb5e8fc5b92e06fd90e
-
SHA1
d6b45ec7f11311cf7496b3dc808570bbb6e48d41
-
SHA256
0a42597fe072cfec5cf1f68fe37dab8e1a1f224e18f2dd7f90d03dae05c62ba3
-
SHA512
b3a79d85101beb70f353d3c3842eb77a5675c9f0354aa982ab0f222e07e42bf13a1f9d92958fef806347f291878e1695c9ede179a3e35bdb63a34176356786db
-
SSDEEP
1536:1EGh0oNl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0oNl1OPOe2MUVg3Ve+rXfMUy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-12_5327744f8cf9fcb5e8fc5b92e06fd90e_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-12_5327744f8cf9fcb5e8fc5b92e06fd90e_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{89127790-35C1-41d5-8B5B-E14D3ACA7E89}.exeC:\Windows\{89127790-35C1-41d5-8B5B-E14D3ACA7E89}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5D7F15B7-2080-439c-B428-511EBCD431A4}.exeC:\Windows\{5D7F15B7-2080-439c-B428-511EBCD431A4}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F518D587-4EA0-40e1-9287-28E19CE48AE6}.exeC:\Windows\{F518D587-4EA0-40e1-9287-28E19CE48AE6}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AF90527D-5285-401c-8B6B-80A88008049B}.exeC:\Windows\{AF90527D-5285-401c-8B6B-80A88008049B}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E73B6806-C588-4e91-9E18-7058E38073B4}.exeC:\Windows\{E73B6806-C588-4e91-9E18-7058E38073B4}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E941DB4A-1228-414b-BA50-14A489714F3A}.exeC:\Windows\{E941DB4A-1228-414b-BA50-14A489714F3A}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E0B9F747-CACD-4588-953D-531E2CA45640}.exeC:\Windows\{E0B9F747-CACD-4588-953D-531E2CA45640}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C2C5E5C9-F325-4ac9-88D7-0776A2F6B38B}.exeC:\Windows\{C2C5E5C9-F325-4ac9-88D7-0776A2F6B38B}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{D9481AFE-C597-44b0-95E4-AF0B03EAF796}.exeC:\Windows\{D9481AFE-C597-44b0-95E4-AF0B03EAF796}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{F32EF853-730C-41fa-8CA4-35A50CFCDE3B}.exeC:\Windows\{F32EF853-730C-41fa-8CA4-35A50CFCDE3B}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{B4B7E7E8-4349-45c2-B6BF-723F69FC8211}.exeC:\Windows\{B4B7E7E8-4349-45c2-B6BF-723F69FC8211}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F32EF~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D9481~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C2C5E~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E0B9F~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E941D~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E73B6~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AF905~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F518D~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5D7F1~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{89127~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
204KB
MD5372db3a889f3498fcb88fe7ec193f58a
SHA19dfec6a6c9c78ef25d9ac56e7e2aa158a1f51746
SHA256d6c648a504af4566ff1bcd5b4ea8e1cb9df65514f273a74ffe9c045e6d0cc7a0
SHA5128ab3086c5f594406405023616e03a98f7c9523aefacac21515ffed0fdd25d1bac7968e7537215949847a0d3296dd69a00cf88af04e9821eff003e918f912e6ec
-
Filesize
204KB
MD53bfe9cd81e0ace957b4ab0e23127d4ba
SHA1aa9853719961af81bb35e053d0328747d219aaee
SHA2566619a71d68186001ec4dc8e749180f23049c95eeda1c859289cc8bd50b0bc424
SHA51220f1f18304ec1ee589b32c63040bf806a0ce0b4926ff796d450464d0947a76004bf367ac45acfb1c9cefae47910f682a035028662c0a898dfa6f301bee7907d7
-
Filesize
204KB
MD5f258a86f2bf5cadbfb0b2c583ac7facc
SHA1eac4e881ff0f8053ca8ab0729f0b03b8b99a7263
SHA256d86f78be380e1dfe09f9a1910a6f8ac4f2b8b8cc5fa2a141e581257e7c5acf77
SHA512e73065fc85a765e654a5b805944a31c5f31099df88d7dbae0d96b2f1eef827bc0ecb9e68b95f504882f6739a628c5d9a2802aa0f4ac21665ca854901cbbb0822
-
Filesize
204KB
MD5b5900d14d36951d4a0de2366623d2c78
SHA10a918c1f6f6e68c815afac88b3aa96908930eddb
SHA25608880a9af8910004f9ba0156fef4278663764f10cf9c1d14c6174b7def661a44
SHA512f3bb29966d8ac76170029fdc2f2772ee437531de5f50c48e81403f499200f1cf642a81621ab60460d6f051cc46964152ac46ea4cf4354bda8039443152288773
-
Filesize
204KB
MD5f99512d2b026934cb680fee23ce8984d
SHA1a0e3225d9baac3906a2a9c93951fcbb22f96da97
SHA256dcf974adfa264415be319a61486c4b421286c1a2146807694a0e18f18aec7f6e
SHA512bb1f0ed040154bfe1ed340bcf1a97d1b7264471d8129bcbef8c19adc809c34d7bfdc6b85e3fc1706ce788500bcaef1cf2becc8bcc0ccc9aa4b3c69d3f8122339
-
Filesize
204KB
MD5b65e1b0225a76b1da233732630492c42
SHA1cbb156cb935c0dfb2b152193edecd89889d4121f
SHA2566bdb763239f15a37713030d686e83ab620c675360d871c0fa86637ec338d2152
SHA512110891277a4fcbda5ffc32563969ae9ff25317f1e786a1e3f1e1eb8fda739e734ce60399a38e297b4ea4b07295dcacf905d678fb5c1f78a4fa15d12f67ca21fd
-
Filesize
204KB
MD57ab79e904e74cad81e24da668f3f21f1
SHA1fb17b896e40149e387555b16438e208ea4524126
SHA2561566bd03e96f7bce73c764c674a807c9d1ab3a4bdd37542c5f6fc034378d9d62
SHA5127626bf9080b0149f45df9e46b87f37fc7f5a803c4f4356a9c42ab0371fd8cd5f18b06d64afed5c10669b0045724a5e0953a9f8953f2f00c99537e8c2b918ef7f
-
Filesize
204KB
MD5c6149980fff13f06d1714f321ffc7955
SHA115309904025f2a28de72a01dc9ff22bd7e59fdbf
SHA256c5c4789385aa8cc826b058fe9940d7c2a181f0ef10c3249f625e785b0198d771
SHA5122e2d142c0841fe9dc7142a32dc0f1e05d7bd019b051eba8f0bdc5830f40d0156533e146b278e670b86ad77b86b7bdf9c3cf678361511dac15f7a8b1d58a6e7e4
-
Filesize
204KB
MD564478c4c5bfddf02617c02d9ca66dd46
SHA14bb3035d24c2a3f1781ff226e176941335654d2c
SHA256f4e9c8d3af1ada0749c48c69bc3fdb615961a13c86a730f4e125c71b8053002b
SHA5121ec8e92bc570a824301c8b7fb91923dc03d768f962c1f63cbf2c03cb62e4d34b9fd9e2113ee4fec49945d43104cbb164b00e0cc0704b3017262f4935008cb37c
-
Filesize
204KB
MD59ed54b613bf8d52823afa06a1708ece1
SHA17c7b64a13d7316540c4886f9d0e20707ed374412
SHA256534b0643e0d42e8279f2b96fcd41a943b8ae64dd42b1964fde7fc950d61d6e61
SHA51288c65cd600cdf16ad42febf7989fabe975b27419c92c99e743b1e59697820a3cae31ee33c667a02c5fd2129d312718ae7530713ab8fcdba1f57e928be8f935f6
-
Filesize
204KB
MD5cb647f8015791f2ec5ebc4b3321de9ea
SHA132224f752ccac5c8a920048ae806b8d8c89b037c
SHA256d83544b457a26167518b3dcb505e4e52c937ff4c685460157a2355bff60350e4
SHA51293227daa3c06d6d4dcf778f86672dc20a0d8e7a98f8d543300a517e4c25ad0554ca6e876326be22e612d00830947891200a83028ad2c64ba18ef86c517e30be0