Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
10/05/2024, 04:15
General
-
Target
2024-05-10_eeaa516f9071acd5506e713620920fb2_goldeneye.exe
-
Size
204KB
-
MD5
eeaa516f9071acd5506e713620920fb2
-
SHA1
5196011ebd137e449b2283419baf13dc0f9d1b77
-
SHA256
18f523602db666ede2e1768671f7d4642ded25691a9472d195da953fe89ca296
-
SHA512
7516d831a2d6fbe1fb140f7661856aa1bbceb8bbbfef3d28807fcf085f0ea489e43ad21aaf2d13201fb762a876eb6ed22379642d8d81f39fd9795fb426e8a901
-
SSDEEP
1536:1EGh0o+l15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0o+l1OPOe2MUVg3Ve+rXfMUy
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-10_eeaa516f9071acd5506e713620920fb2_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-10_eeaa516f9071acd5506e713620920fb2_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D0F0A9F6-41D8-4400-9E08-F7F4CDA9110A}.exeC:\Windows\{D0F0A9F6-41D8-4400-9E08-F7F4CDA9110A}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1774A9CC-F64C-4cff-A852-2AC33C32F35F}.exeC:\Windows\{1774A9CC-F64C-4cff-A852-2AC33C32F35F}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F60638DB-95C6-4201-B5A9-6AA433F48164}.exeC:\Windows\{F60638DB-95C6-4201-B5A9-6AA433F48164}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6DB7736E-A207-4e37-B648-3D30743C5174}.exeC:\Windows\{6DB7736E-A207-4e37-B648-3D30743C5174}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EE167F79-B755-450e-AE78-9098B490D310}.exeC:\Windows\{EE167F79-B755-450e-AE78-9098B490D310}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B5189626-0244-4c95-AB0D-DC34F25B79EB}.exeC:\Windows\{B5189626-0244-4c95-AB0D-DC34F25B79EB}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6C4480B2-621F-475e-B65F-D7BD4A39A42F}.exeC:\Windows\{6C4480B2-621F-475e-B65F-D7BD4A39A42F}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FFA6E86A-F760-4e22-8975-1FA94EA9613C}.exeC:\Windows\{FFA6E86A-F760-4e22-8975-1FA94EA9613C}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{7C50F869-3AED-49a6-A124-BBBF372D7A89}.exeC:\Windows\{7C50F869-3AED-49a6-A124-BBBF372D7A89}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{AE9B714A-B80E-4af8-9255-45117A5B8337}.exeC:\Windows\{AE9B714A-B80E-4af8-9255-45117A5B8337}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{5AF28394-BE4C-4e61-A5DE-F5D7F35123E1}.exeC:\Windows\{5AF28394-BE4C-4e61-A5DE-F5D7F35123E1}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AE9B7~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7C50F~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FFA6E~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6C448~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B5189~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EE167~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6DB77~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F6063~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1774A~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D0F0A~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
204KB
MD590953545011be68ab48750381ba5e09e
SHA110a418179763053dfd8bd7d03e1d0c7bcd05a32b
SHA256d1c3b2f6d6f9accb37f03e05df357249e700b7e98b8632306152cf93d976962f
SHA512765117608e925a823d5e78f767f3ec66077b161efb370d617475cba28760b497a65f06cf461fc2a3211526f593f5151c7aba71caf6a2f38cef8a608430af0c4a
-
Filesize
204KB
MD5e3801ef6ce4283618836a25a4c3d451f
SHA154f928decb807dfa3f006de80aeb3acb027529cb
SHA2568e7d2ea7b7967111bb97b4c21bebb6bf62bd3faf0f97320b3cfd97d6886049a0
SHA512b32c00977ed584ea21fbe0b9eb367e14e2c738f6ac82433400b6f62582107a2d619ad089150d184074c68c23ed9fa7c6bc9860b532cd2c81621d14bde2bd829f
-
Filesize
204KB
MD509fa9e3d8e82899ce828f038c2132410
SHA17dad76135ea18348f827f75804773c09fb05af02
SHA2565ad5de86ed7ec9304a10489f098ab233550b146455b3a3c1fa6dd050a8630d32
SHA512f990f9e9e1ff6b5c347a3be067321515db9d458057f578e89f78ca6cff90b4682fa125e4a563f03e09c45a3ae3e03315c2e94689920fa552c88117863f89042f
-
Filesize
204KB
MD51a7851d5374fd19ab5913d657135f7f7
SHA16c17a342fc4021bcd5a785f793f2ec67bf7c206b
SHA256068471c00a142689cee0dbccdf13326d8ab4f9683dc9dd132e06b9038176b1dc
SHA512320688499d59650811ac540d555cc01d5b0d4f759fd6d756079688de6ca00d21a1b3a488575e7dc70366fdbfecc7add77e2258a134dcc76e155b320b08b80238
-
Filesize
204KB
MD51148bf04cb342411f40e8b198f3eb9ff
SHA121f13e346ae933165f99866c5822e73e5c34ccf8
SHA256fe3bc1ed754cbe889c0cbd5849fac4347730aa1921b0e629d494e9ec92f307c1
SHA512bc7621f9ed2fd6377ed493138d4c07b3c2113f1e6c61fa9a3e96d388ecf241e88d28834d3ea5dc4d82745a2de906ff96c530225a809cbed7ed3ef7f694dd672e
-
Filesize
204KB
MD53eb60f316a0c5c0096394e07d9ba8e1e
SHA18284fdd9224cc3fbc541066704f5d27816f7d63d
SHA25605aadaa1cf69e2f7c0a1307aa2b776b7831bee4823902e9210220344a4978688
SHA512914ff835f1e3d52cdd1e9364b0125f6d12c90817c7d2615bec3437553a31c2c07992ac1edcc8f17dc5228f1bfb4573c7f1b3aaf81d97d379e9bf9d61323411b7
-
Filesize
204KB
MD5a5cfc422bfbf07e9baec423f9bb35f18
SHA1da855a82289a2ff45c2be6d8594dc0e33471f4d9
SHA256a7bdeadfe01b53ecde7fd2ce7c1a393db5e944dd24296b9795d43c4046409eae
SHA512b288f7b3bdcb1d33443afbea6bcf1f1625e314be1e3cea6b19d3869b760aeaeebb6fb0e7cc1862258d841c23c1859580cb3984dd20cc3b42ca911a86e97c0cd2
-
Filesize
204KB
MD5e4cabad7bd5804774b177df6ec03c20d
SHA15a4d05a180c5d1ce05667914f5c710d43acd6b28
SHA25615962bd15c00e598033254fc2a5443e3f296fce36a476e6435799dd978cf3f7b
SHA512080f82613933fbbb01cb80094559da6fa1baba7376fa358c01a3de9571c5846f8b3ddad2dcb0c0b580868ef38f41d1aff8fb3a0fa501c0d974d32828d47cf746
-
Filesize
204KB
MD562f93cbec069a6b729e7214882615ea0
SHA12705aaf926d4a222b403809415bca6e0eeaefe7e
SHA256633ef0fffd779ef2679f978034721e3943d5bf3c580307a222c11fb7dc4506ba
SHA512450163ea563822a990b0ba7c3af97ed40de63412c6f4c65c4323ca7662a7dd3859912ca645945c8ccfb9cdebbef1bfb76639c0baf48159d3310ec42af4615d83
-
Filesize
204KB
MD5f8afae30cf8d874f8c880f5fdfbddc55
SHA1fa429892a9cae06cb62d96ebcbc4298ed423d642
SHA2561badeebb1400cde850aacbbbde25cab9db507ce1ff2bd0700f63ca3f44904897
SHA5126f9c9cbcfc42542de11b44152ec0426b8efa6ac3e06235fdb15015e3838c3aae885532fecdfaddf56398d535514aa77e76f6430c92a10fcb3cd942b24e5d4c49
-
Filesize
204KB
MD59fc92c6818b7ae72297bce7be10d98cf
SHA1091db648933982d394d0a2cd23d18349b38da58b
SHA2563ddf86f5a38070bb29c8ab471245539b19207b8d241eff744dff78927ba5406e
SHA5127f13607b20baf7e33d21e3bb8f92d2e8b7d636d596f64f9789baefda539ea9ae9a908ae7136a5ffd686d084e46f86636ef2ed0e49c7cbfc0a6db4aa1f167fb9b