Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
10/04/2024, 18:41
General
-
Target
2024-04-10_60b600c9d25f52882858112a359af891_goldeneye.exe
-
Size
180KB
-
MD5
60b600c9d25f52882858112a359af891
-
SHA1
aee75c0a22b389f4ef93073b43e1025089163aae
-
SHA256
49324dfaa5d9bcc9eaac77902913a62aa95ed99ae9d9de6222e5b1947cc9cde0
-
SHA512
451e7388281c96925493a0e23dedb22202e477b3946cdb60ba45e06f38dba30d1d4beb0ea44c435d6506f9f6d4d6e9f7079d29304acc3f4d6f0f678c199281d3
-
SSDEEP
3072:jEGh0o0lfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEG2l5eKcAEc
Malware Config
Signatures
-
Auto-generated rule 13 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-10_60b600c9d25f52882858112a359af891_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-10_60b600c9d25f52882858112a359af891_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{19038B04-13D9-415e-837C-D02C70E14BF9}.exeC:\Windows\{19038B04-13D9-415e-837C-D02C70E14BF9}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B395FCAE-7EB2-49b0-8D74-75E0F51D63AF}.exeC:\Windows\{B395FCAE-7EB2-49b0-8D74-75E0F51D63AF}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2D7EE1F7-3931-4bb6-8171-16816B0D50CF}.exeC:\Windows\{2D7EE1F7-3931-4bb6-8171-16816B0D50CF}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{64B9B3C9-C155-4904-BC45-AC9E70F0FC86}.exeC:\Windows\{64B9B3C9-C155-4904-BC45-AC9E70F0FC86}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D6BA8A4D-C625-4beb-80D0-0912C05078B4}.exeC:\Windows\{D6BA8A4D-C625-4beb-80D0-0912C05078B4}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{654FD254-9FF0-49e1-A100-E5A9002035D1}.exeC:\Windows\{654FD254-9FF0-49e1-A100-E5A9002035D1}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{06CC1338-E00A-45ba-98AB-D53978E964C8}.exeC:\Windows\{06CC1338-E00A-45ba-98AB-D53978E964C8}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2E6DB9EB-CFA9-45eb-BEA0-8E0214891D7B}.exeC:\Windows\{2E6DB9EB-CFA9-45eb-BEA0-8E0214891D7B}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{F7DCB36F-B179-4aaf-B4C1-C6052DC6D73C}.exeC:\Windows\{F7DCB36F-B179-4aaf-B4C1-C6052DC6D73C}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{F5B49E3F-24CF-42af-9F4F-EC93F1922F52}.exeC:\Windows\{F5B49E3F-24CF-42af-9F4F-EC93F1922F52}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{9AFA1170-EF52-4d43-A134-7D57B35A825B}.exeC:\Windows\{9AFA1170-EF52-4d43-A134-7D57B35A825B}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F5B49~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F7DCB~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2E6DB~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{06CC1~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{654FD~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D6BA8~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{64B9B~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2D7EE~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B395F~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{19038~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD576a2b6727632447190d11d56777094a4
SHA16e5ea35dd0620b0e5a26789dffc23d69c82ca7fc
SHA256b26b8a9c1c67b9d9bf7115e4d6f87968c8ec99133eed7b475b6238ef62ccb335
SHA512f68a32f527e2bc6ea774fe338b1618c9cf00844f864bf6054326ee669a9c30583f0da2e4a66ef1ab48e650a20b386f3284eb3269deb08bda634de5daf5cb650d
-
Filesize
180KB
MD594b1699825cb6c439c0cbbca58c93b6d
SHA1ff36a44ab706edf73e940258cc3f8ee254ed303d
SHA256fe96f1ec5969106ce57f536899033e2ab5b26449c5389fadf6249a88388993aa
SHA5123ce140ba9ac46588411bb6aa084bb151999127e4c30931a08ac982483499970469c07ce8672db30a18492c18aefebf7973ad4af6d9d11afbb7b23341d95c0286
-
Filesize
128KB
MD53964741fa9355ab115377faae2630a11
SHA1d23788ec1e824544258efd504324ad6e42a53821
SHA256022b232e541de91df9a6a3b0a6f7ff50b31944def44268a2fb4b261b8c432cb6
SHA51201231d07e75cb5637530c127693d985adca2b93b4d27ea1a2355d2fe83bda0092f6f7676137d073d12d3329c9bef635223290d99353aa0f29f399e7a834bda59
-
Filesize
180KB
MD543d83b914c7aa04a67d5a2e55bd1a54c
SHA1705559513671641e76cfcd73caf91e48fb8e1bf4
SHA256182be78ec70739cbbe84d2b71f5487728080f1c80d7582d6050001bdfe95a5aa
SHA512dd303504e111834c50db36d1568a63647627658383dd41ea70e1fdb020ec770d401781f3a083c434a3b647aeb094c77b362c9e67fe57fccaa5470e1ac6e23eab
-
Filesize
180KB
MD57e4e5cccf0c30d35e53b71ac0640c1d3
SHA104a0b165c0a17f9e7aa575dfa9e6f526253dc024
SHA256e1ab8514d934c380f873d714c2916bd61928918a6088bcd41ac57f6df0b582a5
SHA512488872b0198ec9cd9e05b1b588f9a7ca8069c9d180858015dc60451a5e6fe8581f8318aadbe11139f37009cd08011e6331a7e77dca92134d869e7a96ca63f9f8
-
Filesize
180KB
MD5a4286db5c5ca56c7149f6f490c3f40fa
SHA1e5e30cbeff810a705ce60ea53271d31501d04bc0
SHA25626711db3937e22fcde0b9d5cedc6ab5b18ed180a5b5698065588646dc72c29be
SHA512f488ec14e7834d25f2a17a26cb5eb241d92f32ab95008926869c16402c02f64196873a5d970497772aaea712b659591e4183d1e6678dc33a43a2839d5e1ccb55
-
Filesize
180KB
MD52cc5758624e5e42493bd81e52119abb5
SHA1af10945dc0d796d8414226dd74496b8f6df690d4
SHA256ff982f260c51a9fdd712ec63195f956fadb9f25bcee0cd6207cab370da1b4c43
SHA512993e9c66dd5af296bda76d04eec2c92f4835a47c4c4039883aa4c8daa29d32efc1c83929588f368a1ea72e6a9dfc6fb58f6db581dee55708ba93cd17e5dd348d
-
Filesize
180KB
MD5e7e62a27b873ecee656e9f61afdbbd3b
SHA11cc9f0b2a0adba08f9b6aac79c97a1c8bb129556
SHA25678368b458f747a81ec1f72e1b4323d9721509ac20db8d61f8376cc169555204e
SHA5122a7e27875d79e883f8f66f1079739d1fa1db4f4b35e142a59e40a6e8e2c18aef9a7ee89c1ecb178ae0718e695740a1746e94b1c73dc2c150a6c79f7ccca746c6
-
Filesize
180KB
MD5a092ca9f799eafa495844d7684c31d6f
SHA1a66322e5b27ad2edd7885c4f28a2056999f7e100
SHA25661d06d3b756c3441e99f44903dc80634bb11f4b3c45cb27c30c14cf45e68b5ac
SHA512b9fc619c4447503f6675ff7faedbe227cb400e42453b9a8d7d2c48ddf13e5f094d3dc68b86856bc902afdb021e576600be3c1425922102d9751fc4ded92fbcda
-
Filesize
128KB
MD50c68aaadc1bf78ca5fc955dc3a97f8ee
SHA15267ffcd89a887245744c48df9644e75b03817a9
SHA256c9db13054359f17c9c4a18a196e7010eaa2437719d21468092188d755e0c0241
SHA5120e357b8050477c11776062b984ae920f4fd2633c827281f40a1cadbfaf3e11555b4d4fa7b7a0d786abb819d52c1ed55c283392e08901e28e1b310868c4bb7bcf
-
Filesize
180KB
MD564723a5ba684eed75b9f37bbd9e6dbc4
SHA1ba12916424841526ec10ed38b507551dba161813
SHA256dcaf220fb4a7d26c8052cb956096e6830ca2c175fb2aee579bc6fc2a5d55e8d3
SHA512da70b74729584cfbcc40edd283449660cab377ca2766fd71fc5a6779fed0d5556448d00d6ee39eef07471c8b1d849e7d3f30f18f10bb09503d52ed062bde83bd
-
Filesize
180KB
MD587cf39932696e1c56449fccbf0143614
SHA14a6789670b28d5ec6450358dfe3f79334f5105b9
SHA2562b53e25e6e5d09c75ad2f2dc01159e16951d5addb9905bb240b59b99beccdbe8
SHA512ebd1aa6850e5d542149585f500263ffbf1474e2cd812deb73c7f8ab0d7e38b5fe8abb56ea117a319ff57e7cbfaf0b3a0e61ecf5dbbf5d06040e3175fb3e682ab
-
Filesize
180KB
MD5e3300d82a5b5d1ecb2ec558694864ad9
SHA1e17aedc14facace520c80e6b9c07e9c0a1426135
SHA25618e7835940c93f77714217dd7342a0f288d487fda3c4cc075ca2cc86cc977153
SHA5128d3dfe229b5cd5f5a2d10ab97fc9d82e3e0de41478137881a8219c5dfcbbce59e7760345c8d36189972da3a46f9b3fd997f5f164977f438c7fbdd3a1cc5e7526