Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
28/03/2024, 22:39
General
-
Target
2024-03-28_9dbf5d744873cb1e25a96ceca175fb8f_goldeneye.exe
-
Size
168KB
-
MD5
9dbf5d744873cb1e25a96ceca175fb8f
-
SHA1
d229c9212ef48715cd4cc176441672cb23bbe6f9
-
SHA256
e63b32362cb7ede50d8014a040901beea0c2403fb9d000824b165de49c3acdbf
-
SHA512
2ad68e6caeb1d8546ab92be4e8f8bbf8835b6efe4389c02759efb044d96fee070998530bd8a03fb0e7c09a53979dd46dd349cbf583e09d380bf4e21809c1ec77
-
SSDEEP
1536:1EGh0oOlq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0oOlqOPOe2MUVg3Ve+rX
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-28_9dbf5d744873cb1e25a96ceca175fb8f_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-28_9dbf5d744873cb1e25a96ceca175fb8f_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7309D775-C8C3-4984-8E45-E3B7E2983B03}.exeC:\Windows\{7309D775-C8C3-4984-8E45-E3B7E2983B03}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EAA79C38-B425-4ac9-8C97-95882B249447}.exeC:\Windows\{EAA79C38-B425-4ac9-8C97-95882B249447}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0241789D-8E42-4712-BC0F-DC63CD4A40C5}.exeC:\Windows\{0241789D-8E42-4712-BC0F-DC63CD4A40C5}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FD49E623-FCC3-4ecc-A1E4-C56D1D76B35F}.exeC:\Windows\{FD49E623-FCC3-4ecc-A1E4-C56D1D76B35F}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B1CB62FB-003C-485d-8161-6259B5312962}.exeC:\Windows\{B1CB62FB-003C-485d-8161-6259B5312962}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C50AA30B-804D-4c86-BEE4-2F95811BBAC0}.exeC:\Windows\{C50AA30B-804D-4c86-BEE4-2F95811BBAC0}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{268330A3-5F4B-48b0-B04A-C48FDB2F9E29}.exeC:\Windows\{268330A3-5F4B-48b0-B04A-C48FDB2F9E29}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{84CF27F3-90DC-4d3c-9467-2F33FA66972D}.exeC:\Windows\{84CF27F3-90DC-4d3c-9467-2F33FA66972D}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{2672B81D-185A-4f67-97C3-3216139F786E}.exeC:\Windows\{2672B81D-185A-4f67-97C3-3216139F786E}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{C95F37AB-9F3D-434d-BF91-EB339478B38B}.exeC:\Windows\{C95F37AB-9F3D-434d-BF91-EB339478B38B}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{B199F2FD-C07A-4df9-B7E7-6C9FB8508F60}.exeC:\Windows\{B199F2FD-C07A-4df9-B7E7-6C9FB8508F60}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C95F3~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2672B~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{84CF2~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{26833~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C50AA~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B1CB6~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FD49E~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{02417~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EAA79~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7309D~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
MD54fa975b35fdca830c3ccea041eb3d12a
SHA1d036e73114892b70031326c0b57db577be53be67
SHA256821b7783d3ff40ad8653415b4c951c22699de166cb5da4d6559ce158dc47ce85
SHA5126bdc8c96e35d76d22cddfb9bbf3dfe9ae022764e56c213dcb7542b3e48cc795efa2f0741e9660050612a7c5a37b8ce9a70807576168c947c15aa8f018b121e21
-
Filesize
168KB
MD5401150db1f5d63457be3deb3c3a1bdf3
SHA16404647cf2d356256dff2c4f11c63e99dd1f7f45
SHA256beb29f6e71bf4d9822913c8801b428cd91ee129a5e21364a83104ca56f8d31b2
SHA512870f2dd3b3612fe8f77e312b706ec94d9f21c1a338278069efa0c1d693bc7f6aed1d97480a10987c6875907e445457b2569e29fc01071fc9b96c03965c0af54e
-
Filesize
168KB
MD54e87f9637432be3b1e53ca087ab4a9ce
SHA1ec7b077d3c2906f738f32103ef1668c5b3294495
SHA256544bca85a3c7f915703069b6c92ffd470242a85062c998ea931fa7130f6bb3bc
SHA5120ebb2936826e318c1867ac2151ae87f19adacd6409ebbe9173d627610bb3a5c837b7a9d69afccc76367c97c0d31712430c95db778ea21fb0a4eed6e32f737c40
-
Filesize
168KB
MD550a1b6ff5d43cc89ef1660abcb6bc1dd
SHA1afcafeecbe53b49800fd817ce936ed132e4d2872
SHA256974569470c3f8442105e79b6249ee54f89cddb63f0c3eae8c8e92ff0345a8b0f
SHA5124955aabffecf7834d6617624438e38010e2bb4dbd6b8ba9d2183d107eec12cc11126e1035528c7b80ca5ca1f5dcf781f341b2fc989e30fba7177d3577dc5a509
-
Filesize
168KB
MD5242c7a960f183071de6c17ef68822fbd
SHA1e6729a2a76b613b8ed26da7e6c3002d972877010
SHA2561bec60dc8876224650d3690920ca99c96d53d6812aa8c28e8b958d646c0135a4
SHA512650eb3286bc0cacf35ecb286a85f90399cc5df572dec03b24bab623b762ad63623646b009fdd06c3f9a0ba09bf58c5e62ed7fef14a3bb75ec7aff9e991006b1c
-
Filesize
168KB
MD52df9e318a28aa279db2f52e0e982ad4e
SHA13afa45315ff5c1d30aa9f8215f6f08de3e16adca
SHA256e2bd5fe17be52df6c174571ea80a049159196cab3599cd8cb85823b2185b3da9
SHA51273613e731ec5d6d13d59c7a82984f52410e6929652be160344bcd69e359d518b72c62e80b7c691379b50ffd0cde62854794dff8368e07d895586c10b95786d4c
-
Filesize
168KB
MD5a9eab07b64ed25b8c5a231c07d9fbd82
SHA13417db35575e4fd925b868f8678894f7ec194143
SHA256bad1fb2c3d1e2f841d9729d24d543d6f8423c785fa69d151aa85ba592472bacd
SHA5124977b573891b20306e1a8bdebb54461d245019016f568eb2bf9a626281d9b97347649814b41a371bd887b0e2d791793c02d9c7649f12854f26cc3dac3c6fd1d9
-
Filesize
168KB
MD5206c8b4d213a5bb5f2159b2897209fb5
SHA1d72fbdde425f003cf61e6a975e76de90dcdea767
SHA256626c187b6122d2475556d719c27e8aef45f80f9c6488eabb37c8db6efdb038ba
SHA5124be19671ada8538ae918f529bf0205db156393c4f89b86ab082729038948419f90592ca90f24d854111ca3e5c1e82c00452de1e42b399c669a30dd56584dda7b
-
Filesize
168KB
MD59ad23939ac7ea938e710fbbd5e65c562
SHA1c845945ee1256b030146002fbe56d2f9865e57b9
SHA256f209ca217ea8f7901b95f07a8dcd9f61108d4fab94afa2e56bee516223d84f5e
SHA512b0167daa18511f535945acbda6ec5c1dbae7285f9c014fba2c51d3b68976c5e00972f6cdc500baa2baa96cdffcbc4843c742b38732da411f9b83874cd66e318e
-
Filesize
168KB
MD5eb91c201192ca60370f79f20550e6db3
SHA1342ce9095e5b7cc3f2e8328139fd8013f877851c
SHA25664df0e14538d18c2c84c0c81ffbcf9034244e414312e08f34f84f1e62d608e8c
SHA5121da8d532f24dc3da60e4fe8d240d6e7634c6d0efda5ba52213c0e360312be515f255e93ecee571a49be4503218676550d9581a684f4319a899fb3fdd1f67a8cc
-
Filesize
168KB
MD54b346bab53cd24b28293745f9252fb60
SHA1e254c95c36d8b4955e8908049986df11a3708ef6
SHA256745814e05dc5f00546089d694b388142cc6754fa58d3af3b0177ac6032ca5694
SHA512753a596a92f13b77b17300738ae88fc1de5089bc9897c3cecbf7fdc98f61c516d40881583ee286032fced1e0fef0982169e800ffeaccc98d058a1ab7bb8387ca