Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
16/04/2024, 00:50
General
-
Target
2024-04-16_bf04d94f9185e2a7f7f35d651d6f9bce_goldeneye.exe
-
Size
380KB
-
MD5
bf04d94f9185e2a7f7f35d651d6f9bce
-
SHA1
2f121e0d4a6c5e6e047acbaea26fd2be1202ec8a
-
SHA256
3162bc7836ff74163f393a0850aa2d901967b36c3d1b162eea03a6c89c2c75e4
-
SHA512
6c57f3f1781373472355533fef70777ff9a5c722cdbc56d88ca486d26c3211ccf1ba3ffb7c959742aec65e3b0d00856127368835b868d716e753c5bfbe307221
-
SSDEEP
3072:mEGh0o7lPOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGw:mEGll7Oe2MUVg3v2IneKcAEcARy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-16_bf04d94f9185e2a7f7f35d651d6f9bce_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-16_bf04d94f9185e2a7f7f35d651d6f9bce_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B4A50219-9F1C-44e7-AE86-4FBACEE8C358}.exeC:\Windows\{B4A50219-9F1C-44e7-AE86-4FBACEE8C358}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{787A7988-C8DE-4286-8808-7F19092075DF}.exeC:\Windows\{787A7988-C8DE-4286-8808-7F19092075DF}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{912F48F6-CA39-442c-8E2E-BBD531FABB61}.exeC:\Windows\{912F48F6-CA39-442c-8E2E-BBD531FABB61}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{809DDA71-0F2D-43e9-A3F5-5924117B2BBC}.exeC:\Windows\{809DDA71-0F2D-43e9-A3F5-5924117B2BBC}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A99EC938-4131-4743-900A-80FE1E18DF9B}.exeC:\Windows\{A99EC938-4131-4743-900A-80FE1E18DF9B}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F9A588D6-DE20-4ecb-9010-DCD3F4DA6601}.exeC:\Windows\{F9A588D6-DE20-4ecb-9010-DCD3F4DA6601}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A53DD2AE-ADF9-4c7d-B121-F454F4AE83DF}.exeC:\Windows\{A53DD2AE-ADF9-4c7d-B121-F454F4AE83DF}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E0AA2E78-D384-4940-9944-6F62EF46737C}.exeC:\Windows\{E0AA2E78-D384-4940-9944-6F62EF46737C}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{28F377E3-49CD-4e89-95EE-3364FBBE965A}.exeC:\Windows\{28F377E3-49CD-4e89-95EE-3364FBBE965A}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{306EFDF0-B903-4161-A9B3-124B5D4A5917}.exeC:\Windows\{306EFDF0-B903-4161-A9B3-124B5D4A5917}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{AC09E2CF-0BE7-42d6-B421-EFA3EB6687D1}.exeC:\Windows\{AC09E2CF-0BE7-42d6-B421-EFA3EB6687D1}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{306EF~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{28F37~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E0AA2~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A53DD~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F9A58~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A99EC~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{809DD~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{912F4~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{787A7~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B4A50~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
380KB
MD58c80cccb1957854c30af5070e522427f
SHA1532b92b21a4145b3e0d0c8f219992ca536bb0311
SHA256dc6731e39daae506af9791c58c3507646603d7cc3140bdb234a57fd8f1a55922
SHA5124bfb67e7dc1b861556533808a3423453d5818e38b6a287a428d2aff8a9ddda39381fa81a6847fb7c5ece92bb7c27cdfecd5e371888eed0db1717c28719d14cfa
-
Filesize
380KB
MD50ac867e8cc32e93c1359e4e08c0cd2e9
SHA1f4bc52e06cef5e516f048e874fc040908c927d2e
SHA2564d483319fb6c97c741d7984dd53652ae99a2af81466fab429efad419fbd33093
SHA512a0535c54e8f1d5613519eb3306631b74f6818ff3ae70019fb9357d224f525e00d48ee757d2889a478577b0771ea58792fdf0415c7d20caf7b9c1eb174ad0e62c
-
Filesize
380KB
MD52dd18b21a11fcf2565b51a7a6f0889f6
SHA1f26200bd5c79090ccad5d041b8f93e183e91f348
SHA256233bb2c95e65d77d3f9c6ebb4eb3e9ce3506fa8bc3cfdfa05a4f14a2995601a0
SHA512d4dcd9297828375c398f8b596db3df72a154faaf0be84ccf8a7f9b73ebba1ac5574e35ff2e05f163e3c3d3fac6bd924fa656271807f6cdcd7409249dafd767af
-
Filesize
380KB
MD581a367e0c9a6fb500b21b364718fa281
SHA1eceb6471435e46991e5d0eef0d67856903ce3551
SHA256cd14b00f751d26c9d0e6f1bb7575d46ae29d828390cc563803448c0882697454
SHA512ba5557568b060467848056aad77deaddcdd8e475a1743bd90b98e43d1b6acb4d52f5e234cf1f7facfe17263873105db4d960a0e95da876a1ae733ae68ad8087c
-
Filesize
380KB
MD5ce05c918e19c38fbfdd3d91c6ed7f83e
SHA1c909a010768f263b2ad7a89be91a40fca38876ce
SHA256a0c02c108602645166c1f760a87b350d200b66eccfb77c7225633bba0f5110e8
SHA5127573dd0189ec53d9a8c247322428dd379ec344ad63ddfb6ecb4e68dab8b66a9b4b3ead5d38d87d04a53d4fba2ce17b13e39b72c0f5b24ef7d8f22513d3c66a51
-
Filesize
380KB
MD524851fe369c6a3d0c3ae6f3a0edbf7f7
SHA1260c61a84df4bedbe6d51b541524aad511413c9b
SHA256c4dc77f8a22051c7254f165ee66355209105fdfec81b5247f8e06cb3b7876acd
SHA51219628c92c7a42d7d69bb6230ebb82c93d7603705e3201f0045f12cbc0d029ed8f7dc462f29b86b1df1cc37740f01ce51a9088ba3b68cca079df38ac67ffdb057
-
Filesize
380KB
MD53c6fd781b03701787ae5183a71e61680
SHA1f86bcb52f7a9ff144ae7338801e4ebcaa18e3eb0
SHA2566ce02dc680e2d189cdf8e4d52ad401d0ed3ed8d2fc7e94328f873c8fbf9c64ad
SHA5121130a24996eec4e67f3d7e66b9403ad3695194a91d87115189d4b6c90d1b118bdd41e181367322f14c5b805622446e1b927dfd107c258f32b0ab07ecc58d9ba4
-
Filesize
380KB
MD5259dc5a75a9d98565e238daad3a082e0
SHA1d6a6dc4aba1dd1a9d5f7a6c5a36164ec7ed7275d
SHA2560f8dcdef00a166e9919d6daf742bc43f2d6bad8b470319dae76139ef88339d6a
SHA5128e8062abb19d0b00771bdf0ab62734d036811b9ad603ed29f9d5ac795c903136ba13a272b52c8195cb5d24bb15f647b0b4ec663f88e7b82e033f680a7afa3d06
-
Filesize
380KB
MD57d2a35eb3f63eb1b2e49e8f0179accd7
SHA171de75c9777788c2f9f01d2830849323be243e36
SHA256dbb78a43fa5e11c648a7b912e934df3e44762ca95f5fe5d2383d37fb8d234ae4
SHA512972a0d9f28cef4e038a2cd8b978746ad0ebdf19acde8be61a55e385a76b9f4ed9d88948fc76d8ac3438d7205d5ca1ea14113b65a0604e8b15205e2d472212701
-
Filesize
380KB
MD52fa6b1147ff5933d1575d7a91d2263d4
SHA1f2f5efd51718a4e2cbfc5ffb36a25e8a711aafa2
SHA2560e5c10b69dd64bad93700fa1a5d156cea9bba16079e54e9dee43c6425981f9e5
SHA5123707acb971c28915169d02cf264a8b95be2a1335d11747e69017f605cb9c13015f189db5a5cbf71c2da57d6407fdebeba70f9b8a9cc1e840f86e153dddd45cbc
-
Filesize
380KB
MD5d54d84177267e73417d1207d4fcff2ba
SHA19a1f0932c1e6d2c44aaca943afebb334ac0c298d
SHA256e4d7472c9413ad58241aa5ff71aa6dd5e37dbae95e46f485240504a7a8aaa403
SHA512b39ae227f6b4c28497d2c8dec0220c03f8c4ae5d8308859606dd7d8f163f81338795baa19033390649af18ee5be889b947ed084326cee3fa6a3e69d45fc44594