Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
22/04/2024, 01:46
General
-
Target
2024-04-22_47db9e651bb826b9bd3956272695f716_goldeneye.exe
-
Size
197KB
-
MD5
47db9e651bb826b9bd3956272695f716
-
SHA1
93903c448da057c528c5abbd8cd87061d160fc1e
-
SHA256
03a2a0051147cf96b113a0f1bd31e60b2889552059d108b93ad604136a1c753a
-
SHA512
720c4286e8a7fb5849347e4724380ec94b1f14f70e25daa6b4c8f6e8617ea21ef58ebe5896d11493349837202f23e4bf6abeed12c084ca94451a6aabcd0a7344
-
SSDEEP
3072:jEGh0oCl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEGMlEeKcAEca
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-22_47db9e651bb826b9bd3956272695f716_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-22_47db9e651bb826b9bd3956272695f716_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D1845D3F-A31C-4543-A997-EA60ABE7DF93}.exeC:\Windows\{D1845D3F-A31C-4543-A997-EA60ABE7DF93}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1C503A1F-CD8B-43ef-84F0-90EB5F481688}.exeC:\Windows\{1C503A1F-CD8B-43ef-84F0-90EB5F481688}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A5C09C4C-3A17-4ec6-AEEF-3045E06FE126}.exeC:\Windows\{A5C09C4C-3A17-4ec6-AEEF-3045E06FE126}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F52BDA7D-4E58-418d-ADFC-7B03B2431654}.exeC:\Windows\{F52BDA7D-4E58-418d-ADFC-7B03B2431654}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{336E61BE-1ED3-47b6-9CC2-5863F179860D}.exeC:\Windows\{336E61BE-1ED3-47b6-9CC2-5863F179860D}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{47F31AC5-3524-464f-8BC9-CC0E2512F49A}.exeC:\Windows\{47F31AC5-3524-464f-8BC9-CC0E2512F49A}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{78F0A802-8A07-4f6b-BE27-11E3FF0469C5}.exeC:\Windows\{78F0A802-8A07-4f6b-BE27-11E3FF0469C5}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{66E05A5C-AB68-477a-ACD4-3F79220D4FF6}.exeC:\Windows\{66E05A5C-AB68-477a-ACD4-3F79220D4FF6}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{8E4DC026-3D15-4d59-8E5B-B09E104C4207}.exeC:\Windows\{8E4DC026-3D15-4d59-8E5B-B09E104C4207}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{678D156A-CC7A-4a17-AF8E-46341293FFF6}.exeC:\Windows\{678D156A-CC7A-4a17-AF8E-46341293FFF6}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{5BD41A00-35B3-40ff-AE4E-E299A49F8FC0}.exeC:\Windows\{5BD41A00-35B3-40ff-AE4E-E299A49F8FC0}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{678D1~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8E4DC~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{66E05~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{78F0A~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{47F31~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{336E6~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F52BD~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A5C09~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1C503~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D1845~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
197KB
MD5d303bffb6240d4d07c22131ee29f4534
SHA12aa5a7438db604dfc0941c239435d37794f4380c
SHA2567569dcc3d3a240cf18a772d7d1c4fb2c5ee6c921fef175f1fdebb59fcc5e94cd
SHA512f7f05f7134a9e4f4faa204359958a0c8a51bf2bb7c50a1dc8e448f8d0b569cbe545ae9e435cba5160e396837ac0bfc8d726c818a5118c0ef8aaefebebeedcbda
-
Filesize
197KB
MD502ffdd7fcd68842abef788ddc56a2107
SHA17b4c2e472cce9891a615afd0677d4b30f2289cf6
SHA256c233ece59d228f5bfd76f44c31427cab44e85d187ac13398312bfde9b50050a1
SHA51260129f2751d9cdb97dd7f34e5130baf9313ac597d1baf8df553bbf2b46bf31dafacc6bfcb062fd1e7866e7578d65c7c37c5babccc2a5857f9e3428857c3c1435
-
Filesize
197KB
MD5b563bd9acade7751651b18e66fb10abd
SHA17b4fb908d01ffa4ddf9c564ae120f39583ca5a0c
SHA2562cda6b77f64dfb53065b04bd9439d47d0549e34c5b2aecd477fa4ca2d3a867f6
SHA512b9bbf3d2d469b12730de09c3a4884167dc751675ffc0709b159acefd70c0d6801fefc38fcb2fe505194bee8ebe386e32090b2b481bacd4c5404b01fda2394b11
-
Filesize
197KB
MD5eaa31f6b5e8ea0d0c04992e82984a97a
SHA17e7e8a078cddacc8334c31c7b8262c35a969502b
SHA25690ae59026b00b09f993c5ae2b24ada08bd7b3ede0bbe2ae703c1634ff1f4f449
SHA5127069163443034c2bdd5700dfc50cc1fc1457be5f262a60836b22c9d8726b9528539a4953ce7eed4443073795061944e14eff64383fa700ee6e9f83aae3fdec15
-
Filesize
197KB
MD596eb13f8e778bfddec2de321153b323e
SHA12685211d62bedc26c95f15552d4a39312d5ae13e
SHA2565519ead129895f953565caaf631a786f9b4185703376d1cf075c81b32098441f
SHA512af50d2fc23be61025ec4a5682958b899b679c12a8901ddf85ebfb76b7f1354cd8ebf4a94d512f7e4563b3460471459bc42ec5957dcce8c3b58288f938d6cacd9
-
Filesize
197KB
MD54d3f66ea3c828549bd1f912236fdc47d
SHA1c82758ea66fbf9675d4465128c3057bd1f5760f6
SHA25691394ba1948b808c7309fd760750d9bc6b53e1c7f75e93acdbdf0f28a59a1a7b
SHA512c1c3aea0da97407da4c1ed10e3fb744a9c3d2dcbdcda250a52c0f0d48a041d5c764550f7fd717de3b0d18be89d522b369b9ff5d302d0daad0e088f620b44ea67
-
Filesize
197KB
MD544ace4c0b1439cc49f29fbe5ff2981d8
SHA1ce33b5497e024d3872a42e58cb2956e40b6d991d
SHA2568242332309471dc97cafc0a7b84df18630d3f0f5f24042442a80dde8fb17ae82
SHA512eeaec0e199fb13ec117ae70e1ff8f11a2308c7dc82dd58fbb1cf43abe53b06239f35527c967face6fed0e68dea0cc146cf3d63261271cc7c4a7ac8b71e14fd21
-
Filesize
197KB
MD547a1b9598f18d73829f4241def2295b3
SHA1117085bb3cb134c424e031661093a7ba2331aaca
SHA2560df5e924524c71c47dc7ac161d3f2dd096836c4623ccb738b14afc8c9ad94fd9
SHA512121fa524f10e277dedf5d20188dd79d2081ae5680d9bd0269d5ec76e09b70bc380c1254f8d03a4cd015fe51ef77f4ae0fcfde0bd6f62f0625bb159dec6c4a047
-
Filesize
197KB
MD5c9fa398f8eb049cbf6bf0d9a49c15674
SHA10c2d64bdf47d96ede2986062f4f05080d432e829
SHA2566ffade60525a65c893f04a27069aea1af8efaad17c9ff62a07eb208918f17832
SHA5123d37409c93bb5c0d7946c11da5b78c3a6be2b1c48daa5144d187366b9d2193f544f37583fb788bae64f074adb48228fd72e88dd8d77b12f103688833b48c2014
-
Filesize
197KB
MD5b9a0aefb2acf659cc985481c686537ac
SHA1a3ed80ba67c2caf52db571be563037d075c6a1a9
SHA2561f56f47d52aab90db5279ed6d1db2bcc38f9033801dd903f3937536ba1cf5a2c
SHA512f5d2dbe3a8a6c3a3eafa417d44b585573288223a69911001a9980a423a680d91914385b00adfd0a7cbdea10794334f117432ed8f77d5cfb27633b5f8683f7db7
-
Filesize
197KB
MD59716654056e35bd9ec426acf02df866d
SHA18d94208ae7816ebf0bdb27fb03daa6829891190e
SHA256b4b1bd31e0c6bc0a6d7f599a2fb8ca7bea8999c5f84b6148a8325b541edc603d
SHA5121e323492e01a07f29238f08c0ed7fcc84b85c5324c7586e19ad8d723e5f9b503d24e5b3b31f7addbb71b96dcd439d43bff305c141eb3b1801b810c1a197fb9f5