Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
144s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
11/06/2024, 12:33
General
-
Target
2024-06-11_50c6fe60659d65b9850332c8e839d609_goldeneye.exe
-
Size
192KB
-
MD5
50c6fe60659d65b9850332c8e839d609
-
SHA1
4891007093ca47fde95b885a3e6d8058488b736d
-
SHA256
4f851c9a8bd282f439d18c6c2d7a33b509b5c817e89908e138658fb699448923
-
SHA512
5fa52d00be05151071fd1a6a3f1129cf383ec03207635f345506b431c9ff4d3c7f11a56f0ad8ebb869775c4afc46ddafeb3b57a6164d692be43fdacf3aad2b4c
-
SSDEEP
1536:1EGh0osLl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3H6:1EGh0o4l1OPOe2MUVg3Ve+rXfMUa
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-11_50c6fe60659d65b9850332c8e839d609_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-11_50c6fe60659d65b9850332c8e839d609_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{83444C15-8FC0-481c-B525-F39FD22FC21D}.exeC:\Windows\{83444C15-8FC0-481c-B525-F39FD22FC21D}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{345C5BDC-DCEB-469c-8C14-81FE1135DEB0}.exeC:\Windows\{345C5BDC-DCEB-469c-8C14-81FE1135DEB0}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{026AAFF1-66E8-46cc-B544-243269C6CD75}.exeC:\Windows\{026AAFF1-66E8-46cc-B544-243269C6CD75}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2C309436-D954-4f8f-B581-DC2DF7D5AE51}.exeC:\Windows\{2C309436-D954-4f8f-B581-DC2DF7D5AE51}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AF72EB2E-0328-4be3-B523-129A597E97CD}.exeC:\Windows\{AF72EB2E-0328-4be3-B523-129A597E97CD}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1F18471D-056C-4914-AD2B-95E98D8BE7BF}.exeC:\Windows\{1F18471D-056C-4914-AD2B-95E98D8BE7BF}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CA0614EA-AA45-44a7-8434-A9D000C87288}.exeC:\Windows\{CA0614EA-AA45-44a7-8434-A9D000C87288}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4D7E60D8-7026-44fd-9474-75ED49699166}.exeC:\Windows\{4D7E60D8-7026-44fd-9474-75ED49699166}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{7C8F86B3-EA19-4ce1-9C05-665AF7471168}.exeC:\Windows\{7C8F86B3-EA19-4ce1-9C05-665AF7471168}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{20EF4BB3-28E4-47bb-AFD6-F8CA4DFE3D6C}.exeC:\Windows\{20EF4BB3-28E4-47bb-AFD6-F8CA4DFE3D6C}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{E5ABE27C-CCCF-4ba9-A5BC-3F0F964D568C}.exeC:\Windows\{E5ABE27C-CCCF-4ba9-A5BC-3F0F964D568C}.exe12⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{20EF4~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7C8F8~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4D7E6~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CA061~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1F184~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AF72E~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2C309~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{026AA~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{345C5~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{83444~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
192KB
MD595a40eb475e706738a65b7f111720e01
SHA17d7a7a86d21467bb4408f85d0ec7b0b2d5dde57d
SHA2561bf5a44c152e917162de39788db22ff45a7f7161ddadcf6675c282f32cb2b93d
SHA51203bfe743a91063de415c17aeeb3d89d988bb8e944bd2ae008c86d97efb5d7c3972252efc1f26161c3814f1e296401148dd72ac19cbfc1a83864ce75b82880304
-
Filesize
192KB
MD5c0994130f14faf28ef3d3996f1e0a7c0
SHA17f8c321d9f7e9f478f84ae094e08d7c8bbd90e2c
SHA256b361db3da436996dbc045e0990e8021eb9baa596c34fffa6155ae460f2ada34d
SHA51264fbbf23c81e3d2d80cbf9efb466f751af80db39a0840afee32520628da052b0a32cb672b90954c460055b1bb3b48938933b93ee3dfb976322b0e8da63641bc4
-
Filesize
192KB
MD5b8c5d5081aa76b36c15ca7f1a1fc132a
SHA19564e634a2c2584a49ba0b5fd23fdc2bfaad8d97
SHA2567351fcd4bdba5481e65756217d0179e4cbf571b5db3fad6ae492cf1be426819b
SHA51231c99897366eaa12efda4459a1aa8ad1359eee6cf2fae605f340d4f5401c97aa183f02c51611376abfcdb548c7b870b8b5d28926caaca9c4754ee2764b901759
-
Filesize
192KB
MD504ce486f00284e041296ef3f006f71ee
SHA1d3756094a5ca0c6a3ef9796efd170e551917008f
SHA256fe29d333bc41246a569df7ab4c3b83bf6d448ad6ab37731e919b685e8cded0bc
SHA5120d551bb5f7d3f7b19783c5ee3ef82cf52c0b3ac2e24187db4eb3680601e5ac91bda746aa1bc6d9246abb8d0eca7e64d05a31efcb9aaffb278ae1126f22a2033b
-
Filesize
192KB
MD50e1248ac2921cbc5fc3111de0cdcd038
SHA1019889395610619f44ec20a6c5b3ac44a049e008
SHA25663574d574ef0079fe1f28528848e867786a899991946eded06a45ce033a82b83
SHA5121fb8bb47de2cc573114a41fdeffb6a7ee6a4be8d1936d0914c52a4e42fef19228907d98fed9f0f975fafa131e99addba7c47d321a7b141bb86e237864bf2aa96
-
Filesize
192KB
MD54725c2fb2b28d5d46d1af61c492bae59
SHA1acfd934dbda702b838142ef2e088b4576330fdfd
SHA256dfc9eb05ab34a436b3b093a7cf306ae202f32f6e7d917c92d0302e04ac3cb334
SHA51255d08e0cd052ec52b68d244dfb6db0aa29e9b81779fd3b9e3d5965a6c79aae8f796fd6aa7ecdb1b366a478458a09b696284e83d6a4ffa32f90fd74919616caaa
-
Filesize
192KB
MD5503ba8be2ab50fe32ef5f56829651cd3
SHA1f9b29de25258dd3bba16de99b039bee6223826ed
SHA256537343ace8995cbca7dc47cf10cde2cb7ef574473efa47f61a80908629e7fb33
SHA512176b43ab6ff43be29ccd7e93b6ac4d3dda3c261d844a66c4518bde76a19124a720462ebdb233c4db1621260dea888142f9337498d1d3144ec769bf4fb0b8b82e
-
Filesize
192KB
MD5a09a26f2386464175cc20567a393d567
SHA10f7635fdbe5dc16b94fd0c0f70314acf3ab8b75b
SHA2562aaf3ad9caabba85734f9f9cd7df5488427451eea1cb17d347ebcf3b4a906549
SHA512552f7dbdb6e8aacda638bd586b4f4a70fddb77d903c786f104bdd39db5f4ed253109115310b64bf0739c1fda00ac77bc17b6094ed15b483e12393177392d7e34
-
Filesize
192KB
MD5ca451c3db6d133fdec3bed023a7f3be1
SHA19d4b8c1dd71f080eb36899c6835b63c3c9b3888d
SHA2565e898aa50d2c820e58e3fea353fb514340335aa626d3b42082a0ffe151e31bcb
SHA512326a985fd2a631b604e791b7489eaf0ea6bcfc8ece680201d8f16b1e2409be2bfebb12089e134f3fd2da08cdb2a0cc33e704d266828dfdd47e9b6280e5519b65
-
Filesize
192KB
MD5d7b53c02c65e8efe315ad2a0258d2cfb
SHA1b77d369645bc5ecddcf852ddc5281678ecb0bf75
SHA2565b65128491b87e773805c81aeaaa12e655fa220ce55d19596db3458c843dd1e6
SHA512edc266260c568f659bad9485ea89983a65899e89513d47974b4e48f68c8128f553d3d88731d8ced66f612a0fb9293c6fdb289619d5074490ea4c73311ced9f5d
-
Filesize
192KB
MD56dde4e143bb412063cfedc9045859af7
SHA1c4a2411ae77a50f1d1725e600edf90dcdb586502
SHA256b7ab826997482c9e2952e88fd8d18ddf65109694d6aa2615cf63461d00cfa43a
SHA512d4c0cdc097ce62512df6e17de0ead7e966cb78c50b34f9a15bc20f813f50a7c8f897d5ead0db38d8cbf2eb1fc09cdb81f7bdd6ef719b8cbb0a7013832025cf99