Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
02/05/2024, 19:55
General
-
Target
2024-05-02_9d48b85ba24e21c2043b38a2c8e6b03c_goldeneye.exe
-
Size
180KB
-
MD5
9d48b85ba24e21c2043b38a2c8e6b03c
-
SHA1
f746d7414adc3189cb7415e9c4b246e34ca022e4
-
SHA256
9b51f4d68fbd1578e08837cdcf4bf84b1c61fdb75fad82ba1e1ebf6df905742d
-
SHA512
9b485ace8c7937747a25a695c74cd1e78dead2de57e603c431538be8ac9bb0adab27e20e40df2422bd96c246531117c0f87436c6096da311f1ef9c96fbf663ee
-
SSDEEP
3072:jEGh0o5lfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGnl5eKcAEc
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-02_9d48b85ba24e21c2043b38a2c8e6b03c_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-02_9d48b85ba24e21c2043b38a2c8e6b03c_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8C490406-1795-4c40-B434-48A6057599B8}.exeC:\Windows\{8C490406-1795-4c40-B434-48A6057599B8}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E601C6B6-247B-4e14-AE51-D61797AFA502}.exeC:\Windows\{E601C6B6-247B-4e14-AE51-D61797AFA502}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0DB7A949-8F7E-433a-B74B-01047D16553F}.exeC:\Windows\{0DB7A949-8F7E-433a-B74B-01047D16553F}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C31E04E6-3C85-4269-9590-F93D5CF8DEB2}.exeC:\Windows\{C31E04E6-3C85-4269-9590-F93D5CF8DEB2}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AC2EF85E-608E-4eed-8812-782CCED52101}.exeC:\Windows\{AC2EF85E-608E-4eed-8812-782CCED52101}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6D5582D5-E32E-4413-BFF9-15417D9085DA}.exeC:\Windows\{6D5582D5-E32E-4413-BFF9-15417D9085DA}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CC82B69D-6DBA-48e0-923E-02BAD3E0A66E}.exeC:\Windows\{CC82B69D-6DBA-48e0-923E-02BAD3E0A66E}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A0DFA86E-16C2-4a6f-83C3-B0F4E4339F52}.exeC:\Windows\{A0DFA86E-16C2-4a6f-83C3-B0F4E4339F52}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{A015DE8A-809B-4ff2-91B2-4A199B63E630}.exeC:\Windows\{A015DE8A-809B-4ff2-91B2-4A199B63E630}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{6B6D5B45-F555-4311-9EA8-B90497577B3B}.exeC:\Windows\{6B6D5B45-F555-4311-9EA8-B90497577B3B}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{03A7B779-B6A3-4f7c-A305-0B45FB551915}.exeC:\Windows\{03A7B779-B6A3-4f7c-A305-0B45FB551915}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6B6D5~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A015D~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A0DFA~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CC82B~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6D558~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AC2EF~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C31E0~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0DB7A~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E601C~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8C490~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD55eaffb42cd10f5f588ecf7d22b0f59d5
SHA18c23407a4b3273c53f71d45a255870b5164a03bc
SHA256f0ef05766a5f3ac391cc4ec027df80c2061ad2bbe7b471fa4da30a1c6033443d
SHA5125f56371ed3e973004a8dae40205033ab795237f2179a7b34e90dfd680f9f95105b971116bb6b6251424472381b7bcaf7958d950e922e051a4c4b772c98445a2d
-
Filesize
180KB
MD51c35bac7e6288746ac77482850b7c68e
SHA144c7d11063e37e1e79ae415761bd1857214a23f1
SHA2560742558517a4e948d122abc0b471a37638b90979e378877c7bdd6f7d5b50360d
SHA512d5d2a510ba3717ff8781335b01063c7e50610b5d7de74156230bf0cb8d3246dc6c9adf1e1b36cbfcff1782067f09cefb4578703c32abadf903a760366753b70a
-
Filesize
180KB
MD5f1b61c0419fc3ad8c1b28eb9017c27a2
SHA187538a731a48c685e1f0ae757d8d5e3ce4e1ea65
SHA25695b5b68304202ff863550233d6412f679c661d819191f2f956e96bca8ec93ce1
SHA5128edfef19f30a2e8f8c216d94950f299317b4a6d81ecbd9a3a22d52ae83d64d47a3e2bfce04b43209628c17a877ac2895d6a4c044451abf64a9624ceb31832c56
-
Filesize
180KB
MD5db0c9fd24e125831aa119c11f645192c
SHA1f52d60ae9f53e039e3985524a851950bd806ffbb
SHA2560d4afe47dcc7aee03dc5e55778116726f29998c092411dd014635683fb043cbd
SHA5121328931abad4560cb37a8b8252b301c5fc3077be949595fd9f19b3b08f6f818d5e295521572d0f499a1a071aaf16da870f45020892a47e6ec1b5776705e4f75c
-
Filesize
180KB
MD556b655bbc800997adee1aa9cf190bb91
SHA105fa4d887e15f792106ab17b97c9cb33939fbd78
SHA256eb400562b3c10136b3b98802c56de0e0fd340a694ce39f4234e8395a4a5fab49
SHA512a67c77c6b9c5f7934c450f2557269de46869c341bcb33b26aa1881e99a3eab0ffe49bcc7a766bbf8c22e94979da411b96beb933f5c210240d5be8fff42d9457f
-
Filesize
180KB
MD506003c176c62716b2d015db7803d220c
SHA12b3cb4d20512374b2cf94f915db1ae918db27ea7
SHA256e4ea758c8d389d4bad350f340a64b22cdfc17ad2169e1975f4a218d76f6bdc7c
SHA5123dce5e6813848c37afaabfe47214a6c11a9bc177ae780d8a82ebb381434937c2c7431d6ab46576601c24f56eaee730a373ce791e29ccd763340eee528f3855bf
-
Filesize
180KB
MD5d769cd0c68db281759ab19e4103fcda7
SHA1cd9513e1d1118b9e514632ba6a839ec6b7f630a7
SHA25607139e7aadb2ff2e7b285ac1a8c3cb190f0ea487a05a48e18ce214fb6ddf9515
SHA512e2b6361a14a05b067afdc7f1e9bbf5979b93ed0b42e9925ce49d1d6e732e3e583b80db18afe25faedd5ed4fdac4b3fcbb1c33f2fb13aaf3232b50a3569fa3641
-
Filesize
180KB
MD51e1e49e32826097b38911a8daa583d1c
SHA10dd27fb83b1c54b20e24386b18bd5fa70014637c
SHA256ab9c9647c1ca5f02e3d1cb0d599d0c6dceaf603664456bcf65a40df17eb31aad
SHA512c6bb9d1c4c07b0bf7972041876e14eba456641a665b0423bfa966f97669b990fecb547149a18c551312ae75f7029b22a417d291cf4be41ae3d2aa4a3691bc02b
-
Filesize
180KB
MD51de2784fba7bd8467d9db5e5114d0ac9
SHA1adc1675215bd98be60384855be0fb06866799f94
SHA2562784ad29ae57bbe403c11fba25c69d4c3ff75f7ca3cbd3964654580985754789
SHA512eb06c06a595ebbf49632e8b45d0f7be1c3c5c734288eb4e77a6e6aa1033c45b20d24ae1fcc18a730e2d519ac89062377527bacf39fcff39cba9eb4e6502a1f89
-
Filesize
180KB
MD5298002b1c07b5c9b47b839e3a945dd30
SHA173509ba3695ed83863417fc4b2cb45d2ba6fb7a0
SHA2564ad384383e11eaae55cdc12b204e3dbfa87d1659be86145432a9e720a38693d6
SHA512ad44654a8a09a4e1bd087abb746fe9267eeb88986bab383f2782c8ddaf5c3f22a8884bf051d3e84f61b33916711000e3085ed4eeb6a7ce176b9b0a44f165111c
-
Filesize
180KB
MD590b047794cd66edca77ed236ca6083e5
SHA11824958440ebd2d0da86d629cdcd60d48af9e97d
SHA25652dadf8a5afe0b911716fc8d4c767b502915053de8ece622453d496f7151d951
SHA512b66248eb9a527e86ae7ee764ed975a092982e0531adac99ee121771e81891402d27da888594081e39f561806c74282dc8d20c064e1eae2fa986b9b705873239b