Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240319-en -
resource tags
-
submitted
06/04/2024, 11:42
General
-
Target
2024-04-06_79ab9aa6f6b8fcfa2b43713f4baf4b0a_goldeneye.exe
-
Size
168KB
-
MD5
79ab9aa6f6b8fcfa2b43713f4baf4b0a
-
SHA1
d8b5a4a2920c021149343b30b7a079cd820ea594
-
SHA256
804d7ac5bceccc1f1103cededcea7059706859dac83508a824c2c8f2f61ba22b
-
SHA512
2b5ee2bfb24ecb1464d37499cad2d6aec04609c081c436ea62db99b6c316fb0112f59a8ac03da88b3c8552c949d7a90d45adaa24644c73a4a2cc9a66c85483c0
-
SSDEEP
1536:1EGh0oJlq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0oJlqOPOe2MUVg3Ve+rX
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-06_79ab9aa6f6b8fcfa2b43713f4baf4b0a_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-06_79ab9aa6f6b8fcfa2b43713f4baf4b0a_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CEB85886-BFCB-47e0-A21A-BFCB44F386D1}.exeC:\Windows\{CEB85886-BFCB-47e0-A21A-BFCB44F386D1}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7F416D5A-A792-4f8e-A759-988FDAC3B935}.exeC:\Windows\{7F416D5A-A792-4f8e-A759-988FDAC3B935}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{872BA157-1441-4e04-9665-5B54484C1C7A}.exeC:\Windows\{872BA157-1441-4e04-9665-5B54484C1C7A}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1B06333B-D2FF-4e51-88E2-99A057503D86}.exeC:\Windows\{1B06333B-D2FF-4e51-88E2-99A057503D86}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AEAB12DA-6391-4b75-A9EA-389449DF06F5}.exeC:\Windows\{AEAB12DA-6391-4b75-A9EA-389449DF06F5}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2EB07D3D-D219-44b3-8FB2-8C9A72BC0CBE}.exeC:\Windows\{2EB07D3D-D219-44b3-8FB2-8C9A72BC0CBE}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{83B7BA18-BEA4-482b-BAE4-94496EF4FC08}.exeC:\Windows\{83B7BA18-BEA4-482b-BAE4-94496EF4FC08}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{107C278D-1227-4460-B1B5-685F4FD127DB}.exeC:\Windows\{107C278D-1227-4460-B1B5-685F4FD127DB}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{AA377F8C-7F51-4819-93C2-B9A5C6DE4F06}.exeC:\Windows\{AA377F8C-7F51-4819-93C2-B9A5C6DE4F06}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{85C3FF0A-6AA2-4ea6-955A-63E59F399D70}.exeC:\Windows\{85C3FF0A-6AA2-4ea6-955A-63E59F399D70}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{0EEC43A0-1B0B-4d03-9090-53531D9A4636}.exeC:\Windows\{0EEC43A0-1B0B-4d03-9090-53531D9A4636}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{85C3F~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AA377~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{107C2~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{83B7B~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2EB07~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AEAB1~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1B063~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{872BA~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7F416~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CEB85~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
MD5708a092e322830a46505435e9ee24d1f
SHA1fe32cd608accbd80d11ee05d17e1077e199db605
SHA25630f94db162a1be81d2bc02bbab0e892c32e4faa321990da49d121ca44fc2d4ca
SHA512ec3bca20fa1f099f8a83e60b233fd766889b35d1f225993e5873e1569e029affe7f498b9fc6bd2bd782191c2b8c2cd9daaa31b8635a60fc8e96eee555005a0d9
-
Filesize
168KB
MD522f6eef555c2064e206a0659175f4feb
SHA13f710199598443530f14c78311a2627b73ef6a24
SHA2568752cf93f55f2b7d111bca8977750433be77d33eb0a03675fff9d60e3a503955
SHA51248fe2be57263a2ec6880d2dc23d3e08380289d7c8f9b668cb00b42da12641157adf23e9ffae57b4dc1c8b92ec5853e1191233d475dee45135e05ef6204ed41af
-
Filesize
168KB
MD54b73486c028c317622dbc2e872685c3d
SHA15801072efd634e99677f613e9e3cd55b241d421b
SHA2563edc930c451065ddafc1ac02af87b9468f23fafb5cd7294105c354fb6333c0f0
SHA512045af597172c3d4f787c2e1cc4f704d751b9bdff6b378d88c9ab4161198bcae9a299a411a8dcb4c73a99e1594d9dd38500d09e454280f34b405bd90f2ae740d9
-
Filesize
168KB
MD5adb992db4231baf8fadaf9fd88620bc8
SHA10f048518a07f45f94d5ebf63f3c3ef001332d042
SHA2565a28e8a3fea5b7ff2f45a75d2c3514fedcc5373023577a619588de2465aa25ae
SHA51219c3ed3102a9d94763b191710bfe4d816cf26674cd3d44a32b0b031af5be84c76d3c9e34efb35c0c02f9473322d410681e71464a62181cdaf235d92b7ff9d8a5
-
Filesize
168KB
MD5acedda312fad84035e6974de77ce010b
SHA1801e14ac841af3af2831a7d3b0f916b810468074
SHA256f04b5c398046b6b71eac3c3637895f2b29a26c15fa976d2d6bfb17cf4716c167
SHA5125bbf0d70125234d27b129a1c4ccaaaf4b9fa5238351b255ecd84ceede6964bf24f366b77930f03a4893b94065c70d0eaade4e83ab7c9c0bda82d40eefc507096
-
Filesize
168KB
MD56df67f4a4922282731d53a6c9258f120
SHA18db6aec708e2b3de6da6cfa31d624a1947a37726
SHA2561698612fabe912e278364a68a9f8d439f3899a61690f63fe268cda2301ca3187
SHA512d4266170ade7432c71db279ddad8a7e1cae46abe3799899cdebb2f2aab54bd701aa6ad1bb29727b5b0a5ae4e16bd40a78402f2a6513d2040df6c196d09743807
-
Filesize
168KB
MD56a3852749ed4f9ba188957d159598822
SHA18e30a244d57ed1ed6688bbee85738e08e4187609
SHA256fce94dfae2b9cc8ea97af6141c87b2fe06345e187b8fdc00058176757b56ee21
SHA512ba9ffa826d401145c015d2698ae7d292c31532e2e6240bce9503793a51b3e6619d82d3ab92deaee44772326ff8383e1d73a0feb5a9264a2682a532592a15d54f
-
Filesize
168KB
MD5682894062adfd79b5b8a7fe6082c7f16
SHA1b2fd7608c1af03ef804fa0e216121a16a5377c15
SHA256d4c9b88cb6340aaa89f28948280bb857eb284626817d554875ce2771fa65eecf
SHA512b05f45de9dc6ca04962ad46d31fb85e831fa55fb9d71a4a5ffdb7f0444ed4f2320f19724fa72b483e98a9b4b18e7588dda5a7cce016ae71c4830926ceeb9e234
-
Filesize
168KB
MD5d7e4c5bb85a17a95b030b2ed9bbad120
SHA183f13fd3eab057d80f49a36970e81aa4ad3cf3ba
SHA25620a11dac37d8a5c80359ab89c32926a3d657a80d71d254750814d7222a206ba3
SHA51294750310b2c0c0a99bcc687f85ac8ec2952617548dee1516d550944b3fe50e463fc1215f1d4e8345bd1f13e3f13671025fa5bb8680bb25faef0fd24c09b66f41
-
Filesize
168KB
MD5b6feffff7c1176db0233cfc46565bca9
SHA16fd08c5134de21b3575f347036545ad8db37bf7e
SHA25672c0e1a1f2f9318fc2fb9d7d3c94e9ca3238f7651189b79c6a880fbb0f321e8a
SHA512860721bd745ab30ac7edfe4a9755079dd875534d84503a53a1e33c827d8635ee8ffdf172c3364a5b315c6b9296beae624e1accaca4f706385cb76d8ec01f0ace
-
Filesize
168KB
MD5252e51dda43ebbbe36c560d67dfcf3f5
SHA100e2182a13a96868b3e71c21d2997e0d1f6dd2c0
SHA2563b9781707284da074fdf8ba9ba9ff3e979aaa78161435982f9e872fc5c554ff6
SHA512a83a6aab8179af9ce1610325d814bef99a79e8835bfa5e68e3e1641b73884e5f48cef7113ef73a3d991fac5f5e861a472d0706933a0d2ec852d1bdbe9a94148f