Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
18/04/2024, 20:15
General
-
Target
2024-04-18_54fdccf6c125d0cadfec4a6cde1307b5_goldeneye.exe
-
Size
216KB
-
MD5
54fdccf6c125d0cadfec4a6cde1307b5
-
SHA1
793e34f2199f03d011711ce03dce78700a126787
-
SHA256
1aaba6f1798acbb1cfbc4c1039686f59d2514d81c4e7901bcf48b48cc85fa506
-
SHA512
eb7f5cbe96bc26ac045c96bb6af16d67f1e5577e185c2741577b4d61783100546bf753e855182656ac1d0b68e62abf75d3a0e973a4ed694d3a3adacee9b824ca
-
SSDEEP
3072:jEGh0ozl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEG5lEeKcAEcGy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-18_54fdccf6c125d0cadfec4a6cde1307b5_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-18_54fdccf6c125d0cadfec4a6cde1307b5_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A075BDAB-0E92-4a4d-8671-221240CB4819}.exeC:\Windows\{A075BDAB-0E92-4a4d-8671-221240CB4819}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DA8E2881-FA57-46d9-BF4A-C99BB533818C}.exeC:\Windows\{DA8E2881-FA57-46d9-BF4A-C99BB533818C}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{40286CAF-DBDC-4240-A816-B5833B8A8C8F}.exeC:\Windows\{40286CAF-DBDC-4240-A816-B5833B8A8C8F}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FA8CF276-640E-4a4a-BB76-724A729D6D3B}.exeC:\Windows\{FA8CF276-640E-4a4a-BB76-724A729D6D3B}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{430BA673-F44C-42ca-BA9F-90DEBD437658}.exeC:\Windows\{430BA673-F44C-42ca-BA9F-90DEBD437658}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A5BF34E5-E86D-4e36-8926-B6F319404927}.exeC:\Windows\{A5BF34E5-E86D-4e36-8926-B6F319404927}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D48C75CF-F699-4cf6-AF8B-52FBE1F8E0E7}.exeC:\Windows\{D48C75CF-F699-4cf6-AF8B-52FBE1F8E0E7}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1C3FAA91-544C-4433-9CFF-A3FF07DA23EA}.exeC:\Windows\{1C3FAA91-544C-4433-9CFF-A3FF07DA23EA}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{D7C21380-8689-4d57-98EE-453E0628A73D}.exeC:\Windows\{D7C21380-8689-4d57-98EE-453E0628A73D}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{8C2FD754-D183-4cdd-A6C7-CCEF27554939}.exeC:\Windows\{8C2FD754-D183-4cdd-A6C7-CCEF27554939}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{9B6D6654-CEB0-4601-B981-C6494C653986}.exeC:\Windows\{9B6D6654-CEB0-4601-B981-C6494C653986}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{9DEE2FE2-3C73-48de-8601-A9C00FC56A5D}.exeC:\Windows\{9DEE2FE2-3C73-48de-8601-A9C00FC56A5D}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9B6D6~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8C2FD~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D7C21~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1C3FA~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D48C7~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A5BF3~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{430BA~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FA8CF~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{40286~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DA8E2~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A075B~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD52b078b6685545a8e1bb890c39245e63e
SHA1770ace34df86772fdca53d83c515348421840809
SHA256d26ae5c4d2b5634e433ec20d2355953149155e266961ac7403dca7956f240f43
SHA512c59a445aa8c87b14fd2b705dfccddca4e3d3f9a4215e03555bd79fa639f8f9c17e3c802a47290a6a73306e90014926f8c180fff2f44fa275a011d8f768a32ff4
-
Filesize
216KB
MD5406f3767700f4fa35f0dd9faddc3d2e0
SHA114e2f50368cd409ee9642ca7bd31c2410a8dd190
SHA256b022bf30816c7b162f34190b61ee424221a1288ca13032b3f8df51933b1e331c
SHA5128e15423eb902c255d74aa3bd2a4294b9a974e3c83170422a1efcd96f515fd4d40104978e53a21af6becd93cba1732803712a961664fdb175fd981dcef016d03b
-
Filesize
216KB
MD52eace806dade9e9b10a431b14d4b670f
SHA1fa06b132d866407b4e40c82cf29db5e2b592e353
SHA256f22d89a7519b5c4287ee7b6c740b6a581bd4c9b1eb7f08f4968132bd044e716a
SHA512fc325a65953fd9eece79858258a75bc44696c9b5b285febde981dd398a10aab7cd73702341e28f934ac31fbaa5b0501a52c733e97b8672c8332325c8f7b6be67
-
Filesize
216KB
MD515d6b56841fbaa17f4868d1a694faeef
SHA1e1e252db8c298f233c79850dd0f7fa4840413ea9
SHA2564915b441767a2111872b0c26d116ab529c51ad21da630ecd6bfedf0a01b949ab
SHA512d71732b6fd1da4f7e7de8f304c52760665cbf0d1a61609653faaab6ec16abb6ec6a504a8bf599a0fba09fad82ac2309adec93d27eb930ff420e8cc559b2abd3e
-
Filesize
216KB
MD53d8f56f857b656f3a84b5c2e8b94b34f
SHA1cd2218c8d7e579aeb9080137c4d1330ac371f5ee
SHA2568dbc9cd4ee9938b9a8c30150edf9b9fc3032de53eec6ff9331cd68e06466d929
SHA512a90c1e67d2de81a2ced6bac36db41fce6b96fd94fc56f4919a99d969982dec63a3d2f8879a216eded03e7896fe80c1b1fc7145a0f899e0711e008120482021f6
-
Filesize
216KB
MD5aeb4e0ff669858f3b033b2931f3b75bb
SHA1f2598795af7db62a8e789d15b7cdd3b7bd505947
SHA2565cd360f43b4bcb887cea65220d3cc3faa713b22ad32d62f6203dfd9ebd51d1a9
SHA512aad0b209e3954d7b5f6f2e16a15db69a6539010ecd04e6ccc754b1b4f4d8c69307300ea2fe1d86e4d3b4a22322311741928805676eb297f9b9d5497762026b94
-
Filesize
216KB
MD5b9b9665d1cdf31bdb2c0b01959362f65
SHA1a5dfc0fc53ef9237ecb3d97defa9f06f648302a4
SHA25686f664d19be6ab9e59797014bb6d8778263a9080529f585098a1599619966fb1
SHA5124cd6457ff5810b7b55e3858775dc7ec1e89aa9311f3c3ee937b21f5017c6eb5ad138d4e065589207a7bd581e395f679a0d955fb89d8e1cc15980c23acc1aefc1
-
Filesize
216KB
MD5ab1e8869b79271106e960a549f3e35ac
SHA18821217807f8fa86dd24b02511b79bd929443512
SHA256c85e341f5a0b23f97aebaa1b539073d832f5f0137fe4ecec1cd8e777c20d725a
SHA51200392c86e961258ea24fa571a9f8c1c1c5cba9389ab1a23bd5967f050f24436303ecd3b85f14ed8536f3a43e623c0ad83a4028d5c500b1feb228f28303fff4e3
-
Filesize
216KB
MD52462c755625ec3655f771cb2cbec1ad8
SHA12bb50efaabb44eb33f691dfbd41db3a209fb62fb
SHA256275463089af4bd1a0de9c1c57a72cac76bcc648e053da55cc4b93ca39a56680c
SHA51296c383fcda87decc9710512dd5a29a4de0a5210b5879d82dd393f3a19c2c0691b1cdd2c42b5294c9cfb3567bc38ee29db2ff9bcb86c10c2d0f06a227da562ff1
-
Filesize
216KB
MD5e0b33979f47796849a1d96c42d9ece36
SHA1e3031e35ac6a8c6efd242fbd49e7faa831303907
SHA2563d360bf2a65c366ca3cd4a8245cd594a5d8c365e834e7aea1ba267d869baf1b7
SHA51218ae332706e73d9eb95846d473cf7ee5b90c099a03a1c36d466dbfb131467ec0db294d3e1aee355353878d08068922e2a110819ff1aa21be709ae6b498e07e06
-
Filesize
216KB
MD508d765a90f0af4a0ed786f273fc252f5
SHA148b00a1be125f6ff3efdc21eb6d9c062e1967524
SHA25639953cd4fdd63b2363720d592b0dff6874f7c6923d3715a9ce0e05a72f15dfeb
SHA51217de117c774458fc7e476825c28003d5a81602f0b315a930f4c3964664e590850d5d2b03b5c8fc8c8f6072a20659013c90bce17e1943067112b456b59411fc9c
-
Filesize
216KB
MD57f9db7da03b5f520a76e5325d5834609
SHA169fe549c9e8989684d1ca359f9f27a1abfd2b443
SHA256df59a8fdaedffc880b4998c0a7d4126cea73920bacd44afb3777c9438e66d935
SHA512b84f4421f0550b431f2983c2d38e9ea6e5fb17f6c20a14da4318e20ace8fe20c03fc93b0635ccfd328827cf3452f0ac22686d5d9cd3714a5be8e2cabc2c07493