Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
28/03/2024, 22:40
General
-
Target
2024-03-28_aa047a8795853552cdef4ed25659fc4a_goldeneye.exe
-
Size
180KB
-
MD5
aa047a8795853552cdef4ed25659fc4a
-
SHA1
7c22e12ca57c99c792f7ff385340f639fe63532a
-
SHA256
e7a05a8128f37af8eefea9473d3048ab9daf91329fda877770032269f143b55e
-
SHA512
bf71a6e8540782c52fa63fcd3b771f9238f99ad05b583ca71a9a15c18adf6d43e8751859414351d73875497eb98fb7d2d271d275b197cf94e84652fb70c6e5e1
-
SSDEEP
3072:jEGh0oQlfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGWl5eKcAEc
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-28_aa047a8795853552cdef4ed25659fc4a_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-28_aa047a8795853552cdef4ed25659fc4a_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D9EB705D-5B4B-4c66-93C2-22CA6C1AFE33}.exeC:\Windows\{D9EB705D-5B4B-4c66-93C2-22CA6C1AFE33}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E6ADB391-1550-41c1-A6F9-810527D3AEE0}.exeC:\Windows\{E6ADB391-1550-41c1-A6F9-810527D3AEE0}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B61C36EB-0714-492e-923E-BAD85820490C}.exeC:\Windows\{B61C36EB-0714-492e-923E-BAD85820490C}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{327D18D7-71CF-4ad4-A98F-821994A5B8EB}.exeC:\Windows\{327D18D7-71CF-4ad4-A98F-821994A5B8EB}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2E7CB628-7408-45b5-88DE-C3616B21DB06}.exeC:\Windows\{2E7CB628-7408-45b5-88DE-C3616B21DB06}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B425CFCD-7196-4a6a-BFB0-4C31FBE1237F}.exeC:\Windows\{B425CFCD-7196-4a6a-BFB0-4C31FBE1237F}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{13D192E7-6710-4654-92C2-625C8B886EF1}.exeC:\Windows\{13D192E7-6710-4654-92C2-625C8B886EF1}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{702C8E9A-EC95-4cbe-9114-92EA4AEF744E}.exeC:\Windows\{702C8E9A-EC95-4cbe-9114-92EA4AEF744E}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{9DB44D23-71D6-4648-8596-ADA8C4FDDC39}.exeC:\Windows\{9DB44D23-71D6-4648-8596-ADA8C4FDDC39}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{748EF80F-379A-4653-808A-B16D47F034A0}.exeC:\Windows\{748EF80F-379A-4653-808A-B16D47F034A0}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{7938209C-0760-4f02-BC21-A79E94CDAF9B}.exeC:\Windows\{7938209C-0760-4f02-BC21-A79E94CDAF9B}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{9FEE36BD-FB5B-40e1-A511-A3C42D55115F}.exeC:\Windows\{9FEE36BD-FB5B-40e1-A511-A3C42D55115F}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{79382~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{748EF~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9DB44~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{702C8~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{13D19~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B425C~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2E7CB~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{327D1~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B61C3~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E6ADB~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D9EB7~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD52d42f30eccf2c3ec182b6b9a06efd9c9
SHA16b8d3a69e95c0d9aa141e1ac8d2db189738fb1eb
SHA25618a98a2f26bb55c7d5d719f068e7e2ac4d77aa673d2838230689beb7b1703fd1
SHA512a3fc1d0fbee8e012ff877b4b55deebc80236d58823090d892fa72b787f4bf233e322703c196348658bbbcb55090b57d27f4cbf29612cfa9f263305e348b6c32a
-
Filesize
180KB
MD5b325f4592a5d9065804d3b75a2c43223
SHA1037f0d84b29a0309e78c1b349c4b507d9903f45b
SHA25639137bd5601038ec35114a21a7c947c3c5641405c6af3a049b5be35c513807ec
SHA512bb3a574583091f0185c720369eacdd2b2b7f4098062f66b7af5774c5c28a84142c125f14d82915ebd33e0e8c3bbe2ed3a534c41576357e09d9187abf662d3ac3
-
Filesize
180KB
MD5c898e75de89b40fe99745e78a526da43
SHA107776441e7f37ab99bece8c6862c9ab7df789575
SHA25644125f1b1baf0eac273caf8526a50636ba02f0a37d027316295241417718005a
SHA5122ce54920c22510612141ec93ff154c808df5bd2a2070f3dfbc65559f283bb43da7e2033bc1c4969a56691116fa2e71355ea7993c4fbd61830d3513c9c288c1d2
-
Filesize
180KB
MD5220994c3d66cd035f2db16b2161c3097
SHA15730a48db2cf4cf8b9b72fab527e0e30e0d40200
SHA2563e06dbf048d2a74734cefc25426b2837306f3bb8becd945c6d5a2f9db692248f
SHA512afa4afbd7ffec14dd6136883b979b4cf0094b39ce3f1f73255d98bcd6568c864c52883c5026ab99a479dd60d34f968329dd748fc81330f74f07d058c51f44c2a
-
Filesize
180KB
MD52d491b5dcb66ac7b16c870f1ce64f938
SHA14639facdf16786543f4f36f735d1d6471f659a44
SHA25618eae70bb0ff2fe03415006270f756dda516115bae7f25085195d18c9a8fb5e6
SHA512f43567acfac8e80f3d8f44757ac8e157e6d7f1a16b061109f73e665b7d0a746f2eabc6d2619f63c816d68f0cb5e1b409350fb700796e3fa0ca155298071b3969
-
Filesize
180KB
MD5291cab736fec7fe5587e88b5eefdb982
SHA171319d568d8c2c169adcbdeead65c1b5410015af
SHA256cd1c4b3792033e9b16f3c8d474e666c6d14916b83af6a9d1c24a47b6628e6d80
SHA512764b8f25ff0879e0a30d2bb462e7832f0d14255c3685a3ae3aedcb2cda127f96ad3891770a96a136cbc8bb52c4775dde0c4bc875813e713694c03a6094a1768d
-
Filesize
180KB
MD539165438e8c42d10160efabba6914bf3
SHA18c8e58e16042a5bef64173923822bbe82cf160ff
SHA256afb5196e99dfd1db841b10ff668da6735b47f843617702c7ac791f26a4ac91ba
SHA5128438314339382a353c61fc68a9fe2a97d75c16d2a850cfbd9b719dd3b8910ce3b9bf87e50e87c53b25431466a2e3a8a187e44abb8a2c58a953d16e006ffef6ba
-
Filesize
180KB
MD5d6956a2fdefaa31ec56eff8f3bba2482
SHA1ffa13fbb8f65ecef802de78092e603b02cc073a1
SHA25609a26c1b4a783aaea8f2f1864464d03d002feef69df349fe59c7fea8233d0fa3
SHA5127bd772c81e7b207beb4344d7c4a21f95c9782eb48bdbf65490fb8609b39e202a14c538dfb4611ca8c920a961f55dbee0ef24a7c269325ed6f30974b5cd37960d
-
Filesize
180KB
MD565eb2f271d4e7923413fe44035b45eb3
SHA10fb223cf133b681d6a3fc77a26b64f8f01220e74
SHA256a4128ca7513cd386383602d18adb1590ea6e12f5156a84364336644206298dd5
SHA5122d5becce5068dd2476b4495adad57da818f1ff2619d0b6c490c6b2c8ce88a56e1e1a24e5cef82c1008b73c876ed0c32fdb717314cfff68de425a943dcf9e72f3
-
Filesize
180KB
MD564f017654c50570f0fc00eab66840f96
SHA1572a1cc53c55001e4cbab1b7e0e89b839da53192
SHA2567e4da833e11413d5338ab3a73a1677577f471179f8322e5cff3c8b874c4b2607
SHA5128c70dd43030ace5ca071c2bb0d80146f668363be9607d55826e10da3f1a1c6a2858f49cf1046fbb6661eff89e2cca0c419275475cb6ccfd969b8758e69cb426c
-
Filesize
180KB
MD51752cdf7d2bc8d06d190761fd62c4a56
SHA165799c09a9142440f9893e7e0d9bdffca03eb4c9
SHA256719c3a6a48e1f4c2cc9b4bdfe99bd8eba407dba7027f9708c600e7c61baaed1c
SHA512dabb47bf7133e7ac958bc99fce1b46e0279cd6e75e2b4919ed7e93aea10e30bdbbbdbe39b02533e264af9230e95607aa07113a05706c411a9837fea7b81949ad
-
Filesize
180KB
MD57e88f4a1874f62dbe68828ae7e5c1974
SHA1b786b89123b087f2d7299eced5dd63cda247c516
SHA2561e3c48f1301526cf164140c7e4a2cb14dbbee4ec5bd0f415eb98e32310c1d0be
SHA5125a5953ef9bda665f66b8f39e2074389381030c3fb5828d71ef529b6594712a43d4b59bef6b70c252533fae3c8b6a7fbcd236f5454107cbc443d9d87e4dd776b2