Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
15/04/2024, 02:50
General
-
Target
2024-04-15_a55b3fbaab5a66224abffa43a0d38ea6_goldeneye.exe
-
Size
216KB
-
MD5
a55b3fbaab5a66224abffa43a0d38ea6
-
SHA1
5571d0bd22526062f73b7ac2d3aac012461663d6
-
SHA256
db91628f2e212116cf5d67f72eb988cf9e9226face956f670daa8ac86a6f46f1
-
SHA512
033ebb2bbf15d06819a1a7a5bbce244432b6ffa30b46b6eac96fc97d877bc3207bba6280edf4ec47e87b29a9037c5b390115b51632f20f112d300a6fbc559f05
-
SSDEEP
3072:jEGh0oll+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGLlEeKcAEcGy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-15_a55b3fbaab5a66224abffa43a0d38ea6_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-15_a55b3fbaab5a66224abffa43a0d38ea6_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{59278C6D-C34A-4710-950C-5EDD9A9DA654}.exeC:\Windows\{59278C6D-C34A-4710-950C-5EDD9A9DA654}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6B195893-D49D-4516-9E75-2B69EC20368E}.exeC:\Windows\{6B195893-D49D-4516-9E75-2B69EC20368E}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{123697FE-08A5-4abc-BAEB-942A36E5ACF4}.exeC:\Windows\{123697FE-08A5-4abc-BAEB-942A36E5ACF4}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7C05B314-2671-4dec-9F55-BFD868DF9E70}.exeC:\Windows\{7C05B314-2671-4dec-9F55-BFD868DF9E70}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{003D5929-ED58-4082-8735-A917B5DF0365}.exeC:\Windows\{003D5929-ED58-4082-8735-A917B5DF0365}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6563C690-5EE5-4848-B23A-42D42752B3A6}.exeC:\Windows\{6563C690-5EE5-4848-B23A-42D42752B3A6}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7ED95881-8B6B-451a-A946-4C854609336D}.exeC:\Windows\{7ED95881-8B6B-451a-A946-4C854609336D}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DB477A14-F45A-4aa4-B1EC-5061586F755F}.exeC:\Windows\{DB477A14-F45A-4aa4-B1EC-5061586F755F}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{A05E7274-29ED-45bf-B5C3-68327BE389F9}.exeC:\Windows\{A05E7274-29ED-45bf-B5C3-68327BE389F9}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{DA9B1730-7AF6-4b76-8189-EDD6D8728144}.exeC:\Windows\{DA9B1730-7AF6-4b76-8189-EDD6D8728144}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{1F59D33D-9AAE-4895-862A-FBE507FD489E}.exeC:\Windows\{1F59D33D-9AAE-4895-862A-FBE507FD489E}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DA9B1~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A05E7~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DB477~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7ED95~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6563C~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{003D5~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7C05B~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{12369~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6B195~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{59278~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD55b058638a3124b8503c869495a5a6e63
SHA117eaca6db07c3d7db67f78617acdf6e7481eac3e
SHA256a3fd39284534b4c8dd025174ae9261fb47bac81ecd302d8405252e99a5ece09f
SHA5120aaebc224fde8be797dd49f3ea9cffa34881fb93eb8d340582dfb5c88d5b05c9cbfc09867c8903b76ed98858590feef58bcc46d32325c8f69168864aa3306d29
-
Filesize
216KB
MD51d473076b43c78d70eeab9dc11b33cf4
SHA1f9a3b895a67acaf2c0551a945506f395c3f5524e
SHA256110bcfab5b2a32459e209081fe9243d89d9fa0ad766f5246084898d15f5f0d9a
SHA51293a5b9d29e2e8e8ca552c76ad4fcecdde246e67081243b8c0c67735f8dc751f8f644f5548a2640c61e53c3149fc94848cf105fdb1329139bb785fa1f60eea8b7
-
Filesize
216KB
MD55e1df17301e9874ee73875c825cbbfb5
SHA12528961df2a15775bad8f76d459d9224ac9eabca
SHA256087de790177307a2b9bb4feeeabb62dbcef97baa4c1eeba1b30f1f6767a2764e
SHA512cc314e3a4ddedefba4d4942683c926987c58bab8372cd2c5cc0269b91b61f7c50cb706b26fe672eece541ea1b8af934d0fa9fef947cef3e65b3d8e85d3a019db
-
Filesize
216KB
MD5f88adca653d2beef480f27a941a7ff49
SHA1de0f8ed0ca4e0e6d2df73fb4213df2082d7a8edb
SHA2569e1d33df3a6a4134d7cd09938d46a1356955a23a2f21c99acdf18116a1428145
SHA512299f6ae00ef61b09b5368c98c8b21cf144d90f01669dca287d31a725e04cc9c118181fc64295023d0daed0dac5f4af2ef7f845be910b6f15cc75217052baf1a6
-
Filesize
216KB
MD5dc81f5419687e8e2a85a47034e239b74
SHA15a6de506c5db02494d2ce3cba818076becb03304
SHA2563e74ae7fda6ea8476397567cfd74ab445b519c8ac29234f8a17ba916eecb51e9
SHA51204fdec002382d055c0968d1eca7621939f7e665f5ab930d80b6a02a73b358065f4ec9e8dbdec7752f9696b52266fb4f3db22dd28f30a18bf5636543a4e408ccb
-
Filesize
216KB
MD5615e368ee28e60cd95bc76ee26eeb680
SHA1d477c9e2bb9b97a0fc4e91e41502499502c61478
SHA2567979454486bb05209a6d933419d91e1ad609750d2d1c1e2df7660ac02dfc6e14
SHA5120da67568e72ce07ac228ef86ade36f48d9eba62e07bf60dcc3dbaa86589ac0324b988d60ad4c2f84178ef853219b1d6fd73a0bc32b9260d9fdc3ac4c082aae75
-
Filesize
216KB
MD5d41dcedb52e5d60b15ac9b017bbb5015
SHA10fdc97b0e0e4bbbfe628115fb60c4345eb9f56a6
SHA256a585db4a1bf92129d238c0daa5360e674d3c76c4636ce9488f1859498867e5a1
SHA512c92be9ba4594a52a11da5140a1c6662d34e570510c0e2d97262dbf38433fe5cb62cadc8c6cb571f7862911186f601226104b6ab95ee4e869d24b0a4a70bfec70
-
Filesize
216KB
MD5d9d7b7107bb58925b86abd385a5b8b14
SHA18ccf7d6fb4e65c3eaad0c1439c89d23e0650b3e6
SHA256d07f5760c0b109ad0035da514a813a07815616a2a94b879203ec32b8a998fb45
SHA51224aca3af25744963ba7ed98fecd92c9a79583d53272dc9afa6d9e4f7a21b537a2db24ca997e859e252dc2690a91e521054a1cb447d6e289efea54b2ea9e9cbc7
-
Filesize
216KB
MD5433db0b21e8fdc0a9d5da9516da550bb
SHA1fef7d9d50ad25ff0f29358fe8da74e2a1077e487
SHA256ab1774aeb4613100b67d17f3b1aaa87a00a0885cc4e6b01d7df368b315b66529
SHA512b689feec514c04b8bba4cc8dc442f69b02763c9ec4b1b83c677132f8b5e0921a1cdfcf710e4b8a5efe598eb921ea618ce9a910f94362580226b62312de6272d0
-
Filesize
216KB
MD50a37b1f0817900a94f86608bf48a8954
SHA17c0ea1cef96f3b60760b783667f0db450d5999f4
SHA25695e342dfd839da75219dd59e40fbabd3303f5616fc8b2d721eda14f261c89c8b
SHA5123a9173cb451fd55401ebe8f212acc41b53ff37680a498a64b3b08ff9c1b25b5caa5f86200f78e4b8a846dabbd3bac5e7ee7c9a5d84429a5d7d8f0362d4981f5a
-
Filesize
216KB
MD5a204a1e9992ca4b30c76c2a3537fd072
SHA12434c2598d92ac3f8a1b4a8082609731b5a0ee5f
SHA256d8a6865cd30f9cefbb3fec8c4e84706b48dfb80488c34f8149807c07581e4c76
SHA512b1e4d929ed73c8bc82733ebeb09ef5a281cf95d548127b469051b29466dbaaf490c29718c9970b0bceac6a1a9678abc6dfcf0a9bf13d16bf86b4bce3e0b9ebd2