Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
-
submitted
23/04/2024, 07:29
General
-
Target
2024-04-23_34b2bb095275220b2aa79c0b5d9a5018_goldeneye.exe
-
Size
344KB
-
MD5
34b2bb095275220b2aa79c0b5d9a5018
-
SHA1
cce663ac649d7787d19196e64f241617d64f0fdd
-
SHA256
c98ac18bb2d4f638ebc2bf4bd3409294a3169d87050fc38a70a126451422dc46
-
SHA512
799735cf88ec649b26417c474e2574e98068248ca29461d0922aab00b18b02ecf7dce7138ae603aaa6403ad5231fc5eb0c91ac08030552357812dba4d763fef3
-
SSDEEP
3072:mEGh0oolEOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGL:mEGKlqOe2MUVg3v2IneKcAEcA
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-23_34b2bb095275220b2aa79c0b5d9a5018_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-23_34b2bb095275220b2aa79c0b5d9a5018_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{49DDA70C-4332-41ec-8F4F-BB9BE34778E6}.exeC:\Windows\{49DDA70C-4332-41ec-8F4F-BB9BE34778E6}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EFA38540-6DA8-48f5-B350-F9E91FE7D505}.exeC:\Windows\{EFA38540-6DA8-48f5-B350-F9E91FE7D505}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FEBC3603-955C-4bed-80D0-C342CAA540E2}.exeC:\Windows\{FEBC3603-955C-4bed-80D0-C342CAA540E2}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2A0AF291-336E-4c46-8374-DB53E43629F8}.exeC:\Windows\{2A0AF291-336E-4c46-8374-DB53E43629F8}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6A7728BA-85BE-42d1-91E6-BBF6C370637F}.exeC:\Windows\{6A7728BA-85BE-42d1-91E6-BBF6C370637F}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{970E203F-8DBD-4ac8-923D-AB14C748B4CA}.exeC:\Windows\{970E203F-8DBD-4ac8-923D-AB14C748B4CA}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2A042B59-39D9-4f23-A32F-AA4A830BBAB1}.exeC:\Windows\{2A042B59-39D9-4f23-A32F-AA4A830BBAB1}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DAF60087-486E-40e7-A9D0-DDB32954E1FC}.exeC:\Windows\{DAF60087-486E-40e7-A9D0-DDB32954E1FC}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{434BB81D-6DC1-4dac-836D-0A3A07B1BBB0}.exeC:\Windows\{434BB81D-6DC1-4dac-836D-0A3A07B1BBB0}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{7EBE90BB-FEF1-42b7-81D0-679D9CE99A2A}.exeC:\Windows\{7EBE90BB-FEF1-42b7-81D0-679D9CE99A2A}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{9765ACBB-975B-400f-8BD2-E57706FA0589}.exeC:\Windows\{9765ACBB-975B-400f-8BD2-E57706FA0589}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7EBE9~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{434BB~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DAF60~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2A042~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{970E2~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6A772~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2A0AF~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FEBC3~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EFA38~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{49DDA~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344KB
MD5f88e73ec1ccddd42aaebe65f74b8b54f
SHA13c6a1f61be3b1a565ddfeee872239488259b935e
SHA25650ee43ad25c5f9d5b0187ac9430aae388bd82d9540b69a7db904dc61c2fd07ae
SHA512345b971a94791409f68c9415b9836af466dd2ddb66021c88ce378fbed94544dd6d03b08b9576a38acc196e59c0d724da04efc947267661430d585099e477b577
-
Filesize
344KB
MD5926e375dd053334aeb14ee948c4d2fd3
SHA1a69e00cb01b871e4a46eea748a44398132566e0a
SHA256ed41b10b95f723eff4bb2347100dcded2442f286141d3a8146fc8009653ff1d0
SHA512cd9b63f809fbcb57be475f577064d66effed20e1a95f6a2a98f33ba81d3d16ff92568fc04a69938dbd7010df541453fcee29aca0dbc03e31d538eb2b72c23e0f
-
Filesize
344KB
MD5b7bae647882a6d1105f8267e2102c1c1
SHA1512fc2f04ff6872c985ac349cb9d5edde0fba4f9
SHA2569c4ff457a9219da8ebb7606513725f73d605173575232fe36f42e9d7b4a22e1c
SHA512fd32f9a3021021b401e1d264c514c38219f93b72f5e97fe34967642a05810a1d3453032a9878566666faee7fd0571a50015aa740cf5d7456d4bc771379f54b8a
-
Filesize
344KB
MD5a2333944b19c6ed378eeb95c3f1a3501
SHA18e239bf1d314b82a4c5bf47c3c9345ee1765271a
SHA2563aec302a8bcc568c1e116676f96f01a8c5e2ee3701007e689db0266c06d3da62
SHA512cafe7b301007a1425780416ab8b61007723232850157c3581b2196814bd401193c6e41cc1132696d4065c5922937a115bd535bf58791935153f070941fd331f6
-
Filesize
344KB
MD50d6d37811c20abd1166c3d350734c99d
SHA1f9a95e800f8dca6e5200ca2921e3733e34900724
SHA2562de0d047ea5ab089a02373ba4733a72f8c25c17bc47793e839a52555fe211743
SHA5126703fd40a99911af981f9845ff0c2f5e8d4e338afe43009b044261250fe691d2e865bb4a33549b8fdf4c9a9adc5aa251ffdee0613e5676401f021a8bdd960dbb
-
Filesize
344KB
MD5ab20e549ac59a7f2a80a57ffb8858ff9
SHA14748f1993ae8f9dff43be0a5e671d83ed748c86b
SHA25653226ce80f70f4af189c2836a63a748159b91ca7aabf55e41e605841edc568de
SHA512404ce1ece5105a2fffe5a3c2c12745aac4ddd535cccfb5e01cae3139836ea928c10b5fa6e7a038f2ae08bf6cdaf110f1b24ba813e1af5d3d0cbb65f75a3aecc3
-
Filesize
344KB
MD507ea1ceac26b4747e69253d45f313905
SHA17df00f15a508830bb49fc0555e6a9f6c098de687
SHA256d0c033a9bad526beb3cf91df881df80505c26d3aea4f2c2cc17b6a16ef4f7788
SHA512a7fad87e5f1b87f7e4ab509e5cfe355581f128d164f6460d52328254484733f306e6997029409ca7853b84017d345c500012083889bb020d42d7c7aa0a0bcaa4
-
Filesize
344KB
MD5819d5b5fc10287490edcbb8a203510c4
SHA1071d4f4d60491336ffe2f529b1b1ba5bd1353c95
SHA25682d4e2c1216da51f4fbab3a422c089f477cf984fbecc33f45cb7223541494b3a
SHA512a1f35b1035fc365b94c02888f71fd4e0a8e73140ed76e2473ebd5133f1dc175d8e2dfdef888e4bd1069b3dfbc6d439d0b70895f6755a8389f5dc8ba7879f6680
-
Filesize
344KB
MD52adb2f93a7354887dd099fa41556d7ae
SHA1e44cbafefc60a4ccce7c923aed590ee12314a117
SHA2565c2126b5ce6807c6318dbb4b3fe38f7e05920f1d6a418b365a3c0beee2fe21c6
SHA512fd71cc404220efad1a9bc3f2ac01b6ccf08d0aca6b5be787e5fe8292cba1e112ccf8e841aeef6b42ce2447e171bcec0d78fa860ad4b7a61e3e9766d4424369bd
-
Filesize
344KB
MD52988272fd6c074da98e7a6341884b5db
SHA1c7743bcb21270b54da71d651ad1857d959d50223
SHA256666222fa6a0b920bf5d7a912d220343173927529f03499b272bf3bfb7e9418df
SHA51295835504e116c4f6ba52599cda5b558f54fe1ae56e35e2564bee206bb249c9a7badd513a6357da12689b183167a468a61cafb42ee1cf4bbddc5073be8616a037
-
Filesize
344KB
MD5d1429739982de1ee0e05e9a11e8bf869
SHA1897b317cf41953d17ca442f273bdc95ed45ed40e
SHA256aff2498fcbfab8d06b5f9aada0b4db5f41374557c10088957ee497a7546a88f7
SHA5128dc05b7e4c3c1e1b5c836ccb93e4212d8241aa4db1827d2e089be6e2958d5b814dc560f906167089d4eaa4bce49fa1240f5f92d784faa036a28daa849e040cde