Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
14/03/2024, 07:51
General
-
Target
2024-03-14_d0920931293b2f3b62abba80afbba686_goldeneye.exe
-
Size
168KB
-
MD5
d0920931293b2f3b62abba80afbba686
-
SHA1
bb2bd8294ab35e61be27545de1480070c1d74faa
-
SHA256
bfd24ac56e9c57dd1da071d247a19e7e999aba31d912ad985b85bd1deff6b293
-
SHA512
e00f3ffca5b4e5a08425aad31b056cae1b76a83d7df5caf03b87d663be6e3395a3500c8be5fe02fe73d8cbdd4a239c18a4bf946728ed00f30ceb52a3ea1964d5
-
SSDEEP
1536:1EGh0o+lq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0o+lqOPOe2MUVg3Ve+rX
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-14_d0920931293b2f3b62abba80afbba686_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-14_d0920931293b2f3b62abba80afbba686_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{94DB6ACF-8B44-4f09-9E40-6179883F5BA8}.exeC:\Windows\{94DB6ACF-8B44-4f09-9E40-6179883F5BA8}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BE1D8C30-02F7-47a6-9128-C693CAB8867F}.exeC:\Windows\{BE1D8C30-02F7-47a6-9128-C693CAB8867F}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{31C02140-C3C1-4e2b-9244-CF328D66B843}.exeC:\Windows\{31C02140-C3C1-4e2b-9244-CF328D66B843}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{29D46EFE-68B0-45e8-903E-EF6BF2D24139}.exeC:\Windows\{29D46EFE-68B0-45e8-903E-EF6BF2D24139}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F2D33552-D8AF-48c0-8F90-9C86D53473C3}.exeC:\Windows\{F2D33552-D8AF-48c0-8F90-9C86D53473C3}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E7C02428-649E-4700-BC9A-09827C367D3E}.exeC:\Windows\{E7C02428-649E-4700-BC9A-09827C367D3E}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{10969B9B-911E-46b6-8138-9E44F5121E1A}.exeC:\Windows\{10969B9B-911E-46b6-8138-9E44F5121E1A}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E6B4796A-1816-4403-8721-988047D5BF89}.exeC:\Windows\{E6B4796A-1816-4403-8721-988047D5BF89}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{E176996B-3861-4356-BCC5-DAE285129FF0}.exeC:\Windows\{E176996B-3861-4356-BCC5-DAE285129FF0}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{2C8E7B38-8119-466b-AEAC-F242D6E1BFB4}.exeC:\Windows\{2C8E7B38-8119-466b-AEAC-F242D6E1BFB4}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{326571FF-F22F-44d8-9449-A7C9724480B3}.exeC:\Windows\{326571FF-F22F-44d8-9449-A7C9724480B3}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2C8E7~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E1769~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E6B47~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{10969~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E7C02~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F2D33~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{29D46~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{31C02~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BE1D8~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{94DB6~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
MD5ad057b5c6f46c93b73fdbe5ef4751ab5
SHA1b4282c691c7d271d9c46f6ca701be0dde627f58f
SHA25658aeeaaa88412da179b3204341a95e59839c5d9b33985bff647da4e6b7c918b6
SHA512a4ac960f48ca52e37ff48179cbf0d3d4564469204a9c13710d7c92ebca1f373cfc639da78896859cf5f28931b166fb23dcb5488d7e5af3cf9c37f20e14196c6f
-
Filesize
168KB
MD5b331d0948b6e1d5f3885f66d1434ba0f
SHA15b10b31294d6064b53ca9caf375cdb9dbe124201
SHA256b6d5a032b08f9a49096d78b07ebc4f3d2d4de7dffe81bdc3ec7a1f7decf526ab
SHA512834b72ddd4f052d46cac3b80af5d3ba4cda082f73be6fbfad3ce8727a1ec6314b03cf39cbcec2983a4d2f99e25cb7e2067aec585ed01ae1316326d649f4c5368
-
Filesize
168KB
MD5247663bfaf11febe91ba9523e78c4723
SHA19d40c0b564e599621f9d2ed112069054739e2d4a
SHA256660bfffefcb0a25e10e04303972b9c005b1de12e35e38c963257ff3f990c0c0c
SHA51262a411e0988577cdd1d3ba76439a1bcc2518c4060d0c08ff61d5d9f6a930b9114bf71f90b16308031ff524d7c2cb2404c79123a7489a3f1c00a3de0acc4c5525
-
Filesize
168KB
MD5f6bd9f619f65ca03aa00343527f9e7ca
SHA1921a83cf03cbb4896af654f348529029b3130447
SHA2564f7b9b05f03adacab98347fd78d2bcd64f319843a2fd7ce60a9dcbba6f792183
SHA512207ec522eccb1583ebb47dcbe2a23a6b78c513f9b1c4b8c0a6c97e7a69a47930ebefb7e49a7a770b6191cfd5de6dc3d9b82db1ab0b34f0e6adaba17bce776148
-
Filesize
168KB
MD502878d1a4f0e172ec0a08b1384d7c2c9
SHA1bca4b1dafda92bf789e83415e215e7958b0d5088
SHA256869156f05879335c86c7263a5cc078dc401c03a7c19bd066246ca8096edfb516
SHA51230e6ff79b6d6951bffc28fc22aa2f5f32e025e18688c271cd9d06b0e836030dd2f726c722e37c818bf9e0e27d88c4524680b933d5e61ac9a7404801069205dca
-
Filesize
168KB
MD5bff28692b580cebf8068ae545e38aa16
SHA1e369c22625fecd91e49d77f44a98ca7e2521c4c3
SHA2566323fed1b007dd704b37521138404cf890f228168a8a77ad45d7f2a5279ac2e8
SHA512a3489f8530a0045af97090b8df2809cd96215348d38eab45e2235276aa1b9ea54527c304a04fdb5af5c9aba358b8242b8676cbf3e2227f915914866c58905730
-
Filesize
168KB
MD50c96bf5a0f65c926f806c615f77e9d7b
SHA1fa6b7472fb8b33919dead0a8e4b87cb91c13ae73
SHA25693088444d9be30107fba8f979ecde7f945bb779c93e99929b9d541f8a82b2334
SHA51270fa53f49bd6b590ef0441488553b9877aa6b7e0be1a58cad4f2472bd67c748c1d0e171528ffb272eee0afbb4393823561327fd68ba27f3af49e029673507d07
-
Filesize
168KB
MD5cfaefbc67c50ace11c953cc83f910705
SHA14cdfc2fa256ebdc0bb9b96e05b56c0970b728657
SHA25685c0c02f602a83237329ce4c57dd593885ec69871d70f2cef0a1c5378ec528de
SHA5122b21eb6ba49355ce1a4f7b669bb36774438266bc9303dd612ac98c05b0d4858138934546ebcc884266463efa8135ca7855977f4375ff23b41b622abc6965b841
-
Filesize
168KB
MD5b1d0f5f05f15573399b1b00c2d472cc3
SHA1779d2f50272a3a595171c422990c361dc4419a13
SHA256580bf67b6b234da31b107cafcc135abdf716b36b4fa2c1722f542358e0e3e6ad
SHA5128faa0ba0382ebc1c872c996e8ae3e3263c5c519857fd08637a201bdc351c8c2c05facaa17998efbde2dedf20dee794af4bbed5e83e59eeb6e98dd0000d3b9f2e
-
Filesize
168KB
MD59eebf2dab1fd09ccec5e71efe87b6d31
SHA1b6fce1f81fead761439b8c0143c4058ab4935f68
SHA256927aed28283eb84322011ced5d04a8850e89bb04bcc1501bf4bdbf9064418e21
SHA512e7ec5847e717218a5a557d8e8dd17706a5f6f2551e077af0e7e0182c39fe05b695a932a098d9da125014e14085bd428959a3b42d2c653e857224707a36dd9290
-
Filesize
168KB
MD5bbba3602f413fe67862d9899d841a39d
SHA15d2594fa49b877052208ab11bb9bc1df7e3c882c
SHA256aea4b9b83b61f9a2c52378774fb53d22df1008df4fc0a5bbb6bc89c174b87911
SHA512d46004ad612f20b88a24d4c23016f20097a40bb5ffd54cfabe7363fa06edcefdd7616b90485c4ddb4165df801a501bfc14b0be0599e14ac55b4da9ca97b78726