Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
15/04/2024, 02:45
General
-
Target
2024-04-15_d5cce7bfe07889865487b2d81b886485_goldeneye.exe
-
Size
380KB
-
MD5
d5cce7bfe07889865487b2d81b886485
-
SHA1
22f06018275b07eddcaa4b297aa06f42edbfcb79
-
SHA256
ff61ca5fe75ef4a28044cb1f7a68f36d2d8472866d35f01fe1fb7db67c02e33b
-
SHA512
895b6821aa17d896d90c4087d821983e811b31a8f0f17e69c3fde83c39701ac196d5b39905d3380bd895c7c2f516029e5533f415ea92a6ff02bc0dd0f6cbd461
-
SSDEEP
3072:mEGh0odZlPOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEct:mEG1l7Oe2MUVg3v2IneKcAEcARy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-15_d5cce7bfe07889865487b2d81b886485_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-15_d5cce7bfe07889865487b2d81b886485_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CA986745-15AB-4a5c-9CB8-A688F9940400}.exeC:\Windows\{CA986745-15AB-4a5c-9CB8-A688F9940400}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4D1E87B6-C973-4cba-A53E-75CF1B7BC8F6}.exeC:\Windows\{4D1E87B6-C973-4cba-A53E-75CF1B7BC8F6}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{42E46981-C267-40ac-8D9B-3F550104C53B}.exeC:\Windows\{42E46981-C267-40ac-8D9B-3F550104C53B}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6B95E401-C2A5-4051-947D-6B591CF397B0}.exeC:\Windows\{6B95E401-C2A5-4051-947D-6B591CF397B0}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6FCB9770-BE4E-4a74-8B0F-BA377BE53B35}.exeC:\Windows\{6FCB9770-BE4E-4a74-8B0F-BA377BE53B35}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1B958869-D395-48e4-9B43-297E0B790F9E}.exeC:\Windows\{1B958869-D395-48e4-9B43-297E0B790F9E}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FD74DC6C-224C-48f9-88FF-26B0C86E78DC}.exeC:\Windows\{FD74DC6C-224C-48f9-88FF-26B0C86E78DC}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B7E747DE-BAA0-4fd1-82C3-5292AA2ACBE7}.exeC:\Windows\{B7E747DE-BAA0-4fd1-82C3-5292AA2ACBE7}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{509E91F3-A038-4574-924C-980BA83C1927}.exeC:\Windows\{509E91F3-A038-4574-924C-980BA83C1927}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{90A19A30-AE95-48c4-9667-7E07681536FB}.exeC:\Windows\{90A19A30-AE95-48c4-9667-7E07681536FB}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{8C9571A1-43CF-4850-B8BB-3633337828CD}.exeC:\Windows\{8C9571A1-43CF-4850-B8BB-3633337828CD}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{90A19~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{509E9~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B7E74~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FD74D~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1B958~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6FCB9~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6B95E~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{42E46~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4D1E8~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CA986~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
380KB
MD5ff6f0e953cfe2eb7d284486fe834f515
SHA19d6a317d6adcd9e16ec80fbadc57eb08be96e3fc
SHA2569d6e3a25457fc62b8d300826cf03618a972a5685ad8f23854ec4f8320860528e
SHA512b009a57dcefe56b1a17b2a3ee2800b4cfa5a490a4718514c111561f78aaeeeeadf2c3a4db25d623e638cab79f42e772dfdde4c66578398708d78aeb3519000da
-
Filesize
380KB
MD59e4062a3bd1142dc223f9e813a9f9f08
SHA1fee8b89e5724b3e9ed1d2f888fa4f961c8b06ea3
SHA2567a98b2faed32364d742f1b3e42c42773548e16ba8a4e60559b3c017d1187d767
SHA512564cfae30efb9de79db88616f3d7b37c274bb348bb5cb935833e7813f8a32c5980dfaf87659ba20d56003fca3205853d16f9ab146912ea0a793594e2e6d9adc2
-
Filesize
380KB
MD52478e33b0e3a48ff73cf7a75640948cc
SHA1f4a055f80844c57f70ee64e26c58dea83dc70a6a
SHA25661f011ab78b9f37192f2f56c922e7b8eed84741e1a7820cca39c027292efc586
SHA512efea65a7fc95e695899fdb5b02a4a31b73c2455fe8b27d247b10f67c92f6e1eb10ac1a824f90daa84d6830cc799aeae7daa442a9d7ed04884147d5de17dc001c
-
Filesize
380KB
MD55da215c6e4331f867384caeec35b7137
SHA1ad97a3c7413d98e7beec3dbba8ace0d8071ace06
SHA256628ec584856643c45f652a0a999a8e7f0329a3af2ff68ea05ddafe1f7dc3fb84
SHA5120d2a40cb26ca63a68d758a4c3c05947b0e5cda3f6f43414ba64174cfa14214b6d4fa78fec679b836c73a043c63abe946eef8ec45ee05c0ad3e7362a638dbcc68
-
Filesize
380KB
MD5b004dc835edb002058db4ff517c459b6
SHA1b34d04f8ed14d9dc42e17410d071aabedcd94142
SHA256fad2f5e15d827ee5fd5c37929384d204c34297a1f206efccdcc09480b235ef5c
SHA512e405dc1fbcb3ad044ef6fe1f8888bdc7fdb3e649cd4951b044938269dc95085238306ea813e4ebac22aef7d786333208794854f659caee9dc4e1f9da87dda760
-
Filesize
380KB
MD5365958a83039b08441e7538bbd15021e
SHA14415771edb3d43c4828149d462717e771690d7b0
SHA256e18a1f21dffa56b2708b0145f01d44b455cf546d172056e93459ee58788dbd3a
SHA5122de424792d6a7a54eda3f16b4f06270e051fc5020b4da286c5dd3a452cba9b674e633f12bba0b75bcdceea39296a5d8c1a983b20dd9e5c3ee00c6d20ddda50a8
-
Filesize
380KB
MD53b26479b7d215b8386efe23ea9499a00
SHA1a2768512ae29babd705a3563457e40e17a693c98
SHA256beb17adc5f5dae63f54b99507cc8ef07b78191d520fd5176bae6596fce25919b
SHA5125e5191601be4e0c369e49bfa24ae7da584b31c7aa779f854079e190fbee4867d981ec689b7bf012909fdcf6efc09e48b07ee37144ebd852da0558141e2d14265
-
Filesize
380KB
MD5f8b1c7c882030c0438f8838afa88065a
SHA1a93c3e643fff88076d3c6a563fe04f19c5192147
SHA2567bbb2dd12b3c27158014818e4a3aad41412365d7ccb2944041ffef6474b5670e
SHA5121743b137c07d4b7dd9147d31219661b35127ba83c1f18e2e9bdaf99b9e07315a611bbfc465728d0bbb75dfcce077f3082c0e9479ebf7f7731e3555daa243160f
-
Filesize
380KB
MD54eeed77825a20cb7a2675775d9abdae5
SHA1f15c1ea45a9dac41f8b6540b0e432910089486ca
SHA25677889bbdd9e5b6b6711e540120d4fc8ac1e2763c18c2521cc1ac8fae25cdf739
SHA512837b972cbe313b41ec2068364e8baa3ade48c97a6b693043f041641e00d8eacc6f36163eb06dea4d5c0ac2bcbaed7463ff515b8c7aafca0ab9961a5ae09509ae
-
Filesize
380KB
MD584c3234c9261ba4a47f1269f7e819b4c
SHA18d459e4bf95fb7e09ebb69c265235c299b2aba73
SHA256b8ba58b4f8e05864df6b53ed680bd45815f8007c18337b7d4fc1c52f972d52bb
SHA51228a4d407cc88f839d8db831831ec582dd16395299b7e7c34b1297fda789f9047d403506ed4c43d4218063fce6df3dfe9a0980d29426aaa5691ec3d17b98cd4d3
-
Filesize
380KB
MD5901332e35f991facab971af2a00f9cf8
SHA11d3d64f66fa6d4df8abbfa0db5277314107ca9fa
SHA2561787b9acc31ba4e49fb4258082e66692ccac24e4700a0e3e07cc4a22a5d27600
SHA5124350c4b7d2732d54e64669025d5122bc107af4837c440247067d708bf564238de9ad1c8fe6d38ffac0ac6ca2046e543143677b786c637d2ab2903c93bd47d9fb