Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
31/10/2023, 17:06
General
-
Target
NEAS.2023-09-09_2ed2041f037129158b144dd14ccd2237_goldeneye_JC.exe
-
Size
216KB
-
MD5
2ed2041f037129158b144dd14ccd2237
-
SHA1
970d2faff3e2caa8c6102d4f6747180a65eeb433
-
SHA256
ad5a719f2d9803c36dcbf8c420203465ec899740b6faab17cb0f6e27e0d24d67
-
SHA512
71d8373e19f84c303c96f522e32d4276baac9aa02cd79121c57af4973335d32dc201c74f33cf232152c3f9c6aaaa534c0c57b4d36530c61b612fd8d6e4fd6fa7
-
SSDEEP
3072:jEGh0oEl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGqlEeKcAEcGy
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-09_2ed2041f037129158b144dd14ccd2237_goldeneye_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.2023-09-09_2ed2041f037129158b144dd14ccd2237_goldeneye_JC.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{38858939-1AC5-4d90-8311-0F5AF9566886}.exeC:\Windows\{38858939-1AC5-4d90-8311-0F5AF9566886}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{740DB61F-80B8-4c60-A195-D490FFD30972}.exeC:\Windows\{740DB61F-80B8-4c60-A195-D490FFD30972}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{740DB~1.EXE > nul4⤵
-
-
C:\Windows\{FA82C9A5-A32A-4ac0-8762-2C1422AF53D1}.exeC:\Windows\{FA82C9A5-A32A-4ac0-8762-2C1422AF53D1}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5B765B5B-429F-40b7-B296-27DF070DBDA3}.exeC:\Windows\{5B765B5B-429F-40b7-B296-27DF070DBDA3}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{243700D7-A984-4c48-93A1-538B1A73ADC0}.exeC:\Windows\{243700D7-A984-4c48-93A1-538B1A73ADC0}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0CBFE5B8-9F8C-46b1-9E55-124CF3C5A616}.exeC:\Windows\{0CBFE5B8-9F8C-46b1-9E55-124CF3C5A616}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6754D5DF-37F7-473d-966C-A14A8AD19D69}.exeC:\Windows\{6754D5DF-37F7-473d-966C-A14A8AD19D69}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B9BF62A9-345B-49c6-B110-6E1EB505A8D1}.exeC:\Windows\{B9BF62A9-345B-49c6-B110-6E1EB505A8D1}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{46410D14-039C-43ff-BACC-5C966F0391B4}.exeC:\Windows\{46410D14-039C-43ff-BACC-5C966F0391B4}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E89B5582-23B2-4169-957A-E3CF98312FAE}.exeC:\Windows\{E89B5582-23B2-4169-957A-E3CF98312FAE}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9DC591B5-F746-4875-9809-DEF1423AAF66}.exeC:\Windows\{9DC591B5-F746-4875-9809-DEF1423AAF66}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{F0033C17-ED92-4b37-87FF-BB29F2E77C3D}.exeC:\Windows\{F0033C17-ED92-4b37-87FF-BB29F2E77C3D}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9DC59~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E89B5~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{46410~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B9BF6~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6754D~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0CBFE~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{24370~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5B765~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FA82C~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{38858~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\NEAS20~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD59c7b764e1c8990be6199ad1c645943f5
SHA15203de9288738251ab50c403fbeb52e865e666b4
SHA25640f7121a5bd362dad839b3d4f2af5fff23f47337022876960209359fe21b7131
SHA512dca55ac0734b45825cb7d0fc0941bfdea2bf4623ed4016154facb348ec08cac0ce4d9cceea9537756543da333d78629fa267791f9d3c13701809799d2123c2f3
-
Filesize
216KB
MD59c7b764e1c8990be6199ad1c645943f5
SHA15203de9288738251ab50c403fbeb52e865e666b4
SHA25640f7121a5bd362dad839b3d4f2af5fff23f47337022876960209359fe21b7131
SHA512dca55ac0734b45825cb7d0fc0941bfdea2bf4623ed4016154facb348ec08cac0ce4d9cceea9537756543da333d78629fa267791f9d3c13701809799d2123c2f3
-
Filesize
216KB
MD5af301601213a2c1b69feb983896267d5
SHA10d492cd5a449cbe1df4d01e0cca15e6d7399ed2a
SHA25604709b20304313bc0a7070638facd977290bf491ea06d7dc1634f4c9727f379e
SHA5122cb4ceabd870c4322469ecaf2e7628e4a88f06408e242f3109981d2be832fdc1eb9709ca876e13bd17adc146f29a55ff3017fb8ce457cf46b087ab2174de113d
-
Filesize
216KB
MD5af301601213a2c1b69feb983896267d5
SHA10d492cd5a449cbe1df4d01e0cca15e6d7399ed2a
SHA25604709b20304313bc0a7070638facd977290bf491ea06d7dc1634f4c9727f379e
SHA5122cb4ceabd870c4322469ecaf2e7628e4a88f06408e242f3109981d2be832fdc1eb9709ca876e13bd17adc146f29a55ff3017fb8ce457cf46b087ab2174de113d
-
Filesize
216KB
MD56399dc4e37193b159e9880f7758079f2
SHA1a058ba545d68f629adf0181529bd43708a9ecde1
SHA2564d02fdaa5891b1d0a20a554d8ed5cb9bf24f2f738965572fb00ed70b619b2c1d
SHA512e2d22a8a4ff0a137646eb493e0ecf7db1421b6be835a5ca1215830a3615bb73e85687a14fa01baf978140823afff84e090d61598228f313d1641afbca2780b0b
-
Filesize
216KB
MD56399dc4e37193b159e9880f7758079f2
SHA1a058ba545d68f629adf0181529bd43708a9ecde1
SHA2564d02fdaa5891b1d0a20a554d8ed5cb9bf24f2f738965572fb00ed70b619b2c1d
SHA512e2d22a8a4ff0a137646eb493e0ecf7db1421b6be835a5ca1215830a3615bb73e85687a14fa01baf978140823afff84e090d61598228f313d1641afbca2780b0b
-
Filesize
216KB
MD5617c2e82513a4b2a30ef1ac3052711ae
SHA1cddba319998b2c8d73b13a7ea6649fdaddb121f0
SHA2569cb604fba32f994d2b29897d8454fbf45bfa434aa9b773864614dac95d7d2b9a
SHA512cb38299425e61bc3c660b231844cc86aae02bd237471ae7367a5ea0cad8812f14825837b35e01eb8b323c827dffaac8fc19b8fbadb49178e78d5fed39f41c253
-
Filesize
216KB
MD5617c2e82513a4b2a30ef1ac3052711ae
SHA1cddba319998b2c8d73b13a7ea6649fdaddb121f0
SHA2569cb604fba32f994d2b29897d8454fbf45bfa434aa9b773864614dac95d7d2b9a
SHA512cb38299425e61bc3c660b231844cc86aae02bd237471ae7367a5ea0cad8812f14825837b35e01eb8b323c827dffaac8fc19b8fbadb49178e78d5fed39f41c253
-
Filesize
216KB
MD5e9b901c110423bd52fb4f2f8473bf1a0
SHA186885141be0a58206e25da6c87d6ba92daae1913
SHA256098198933cac60d5f888d42597e70658d390881928f1c2cc75dc01db946940fb
SHA512f3bda7453198b2a4d1db546699983324d480c6ccd0f1590bece276aafb5c9498f6412997a37cb49c31e4053782cf0b8c400d868278faac72d7ca381a1ea631d6
-
Filesize
216KB
MD5e9b901c110423bd52fb4f2f8473bf1a0
SHA186885141be0a58206e25da6c87d6ba92daae1913
SHA256098198933cac60d5f888d42597e70658d390881928f1c2cc75dc01db946940fb
SHA512f3bda7453198b2a4d1db546699983324d480c6ccd0f1590bece276aafb5c9498f6412997a37cb49c31e4053782cf0b8c400d868278faac72d7ca381a1ea631d6
-
Filesize
216KB
MD5d94e4ab7688b12a3d513432293ede6b9
SHA1874aced9cec7a4212fdd7fa11a8887c7158d5ee3
SHA2560db55c2f49253ae3023033121050223197af31c65c49648d1c9edda301c86bb3
SHA5120047a45ff1e1b9dda445526b0bccbf0198dd242e1e34db2eeac7c08b11467bfe29ec633951553e0290e7ebcd6742889588eb369914c79b9ea7ebeea75c08b3fe
-
Filesize
216KB
MD5d94e4ab7688b12a3d513432293ede6b9
SHA1874aced9cec7a4212fdd7fa11a8887c7158d5ee3
SHA2560db55c2f49253ae3023033121050223197af31c65c49648d1c9edda301c86bb3
SHA5120047a45ff1e1b9dda445526b0bccbf0198dd242e1e34db2eeac7c08b11467bfe29ec633951553e0290e7ebcd6742889588eb369914c79b9ea7ebeea75c08b3fe
-
Filesize
216KB
MD563ccd8256cea288c9347f298ab79dc1f
SHA129a6091bb0cb936c67a117e9e5d7f1fab3813657
SHA256c15be0e84dab0030dbc995034d231ffd07aca73f581a5590ad0dfec28184f3f0
SHA512552935c9adcc0fbcac293b6192ae6313c87b830e280a765a15c00fcefc33a6afbc15b957e8ba389d9db0e30a099f096c25ee698bc3f719e628f7c34d16ca8311
-
Filesize
216KB
MD563ccd8256cea288c9347f298ab79dc1f
SHA129a6091bb0cb936c67a117e9e5d7f1fab3813657
SHA256c15be0e84dab0030dbc995034d231ffd07aca73f581a5590ad0dfec28184f3f0
SHA512552935c9adcc0fbcac293b6192ae6313c87b830e280a765a15c00fcefc33a6afbc15b957e8ba389d9db0e30a099f096c25ee698bc3f719e628f7c34d16ca8311
-
Filesize
216KB
MD51ea4a314e217029e9c4d406d27ab5a98
SHA1ef5f7450abf8f47c6275bc6d13bcb3f2f4586a9c
SHA256be2ca5fb878751f229cd657cdccc745b1f4423cbd379ad65265b2703c25df924
SHA51216ecde4b9c0e70c4173458b2c429378eae3e7cb029b2f73a877b583afe379fb46dc7f5292bb29efab1a1c00e42818d8a47329bd1d3380412af35dfa77ec1932d
-
Filesize
216KB
MD51ea4a314e217029e9c4d406d27ab5a98
SHA1ef5f7450abf8f47c6275bc6d13bcb3f2f4586a9c
SHA256be2ca5fb878751f229cd657cdccc745b1f4423cbd379ad65265b2703c25df924
SHA51216ecde4b9c0e70c4173458b2c429378eae3e7cb029b2f73a877b583afe379fb46dc7f5292bb29efab1a1c00e42818d8a47329bd1d3380412af35dfa77ec1932d
-
Filesize
216KB
MD5be310b2a659f1c77fc639076e33281ac
SHA18f809174321d7ee774a24048ba1d67a358d919b9
SHA256072a5db5f50cbb22f58110b804109bbbc308ce098fa6a649ed9df92d40ee8f76
SHA512f8fcca175647f6e97a87037a4444d382fec5047e4f843690388cdefdeb406f80e6982d268b463067d8bef8053574a82e096c72bf251d40e1af27898f99e1157e
-
Filesize
216KB
MD5be310b2a659f1c77fc639076e33281ac
SHA18f809174321d7ee774a24048ba1d67a358d919b9
SHA256072a5db5f50cbb22f58110b804109bbbc308ce098fa6a649ed9df92d40ee8f76
SHA512f8fcca175647f6e97a87037a4444d382fec5047e4f843690388cdefdeb406f80e6982d268b463067d8bef8053574a82e096c72bf251d40e1af27898f99e1157e
-
Filesize
216KB
MD5ced564b439f3593293eddacd9f5b849d
SHA1c88ca7602d4a56acc4a3346b1a0f818c7d21e9f6
SHA2565152823502b22c2e34055567b9b3f861b75d43a4c0e279de2d481b3587bc7196
SHA512774eed0fb04ea1498600fe8f84eaac366d5bcb464758b647650efb256eb53f6317a502e4645fbfd76c6558165d95fe65b9229c58142ffc580762e82d2fe12f72
-
Filesize
216KB
MD5ced564b439f3593293eddacd9f5b849d
SHA1c88ca7602d4a56acc4a3346b1a0f818c7d21e9f6
SHA2565152823502b22c2e34055567b9b3f861b75d43a4c0e279de2d481b3587bc7196
SHA512774eed0fb04ea1498600fe8f84eaac366d5bcb464758b647650efb256eb53f6317a502e4645fbfd76c6558165d95fe65b9229c58142ffc580762e82d2fe12f72
-
Filesize
216KB
MD546602e573fd9bc6cc96424b24eaec3d8
SHA11e46f690893b7da3d8de38729ce2fc53a11f84d7
SHA256eedcb0cb5f6cddf3ff27a1bd82487368d443a5cdb5370517951903ded8936226
SHA51229f0973927fc995a2f8fe48002ab062a87855aebd98398442a6d5181c278e79dedcb8bf86c9548263bab6e365f39c84dca4e2b734010f8cc3c9a15581c0b23f3
-
Filesize
216KB
MD546602e573fd9bc6cc96424b24eaec3d8
SHA11e46f690893b7da3d8de38729ce2fc53a11f84d7
SHA256eedcb0cb5f6cddf3ff27a1bd82487368d443a5cdb5370517951903ded8936226
SHA51229f0973927fc995a2f8fe48002ab062a87855aebd98398442a6d5181c278e79dedcb8bf86c9548263bab6e365f39c84dca4e2b734010f8cc3c9a15581c0b23f3
-
Filesize
216KB
MD58f303c2de63dbdea54d8a199882793bf
SHA1975bff9e3c24790177b4bcb18b2ec7d9cf1b7554
SHA256050d4400ffc69a7cc88049bd9b4cbbf0cb1edff3f2135325e27a5e97b39f74f9
SHA512033ee14b3e62c6e23fdca47dbe4ef4e6dbaaed45dbea07b8dae1658ce6cd3bbb4e0152bf60614a547fe80737d8569fa3a631f95bb1f63419dcc1c4c02465dd3d
-
Filesize
216KB
MD58f303c2de63dbdea54d8a199882793bf
SHA1975bff9e3c24790177b4bcb18b2ec7d9cf1b7554
SHA256050d4400ffc69a7cc88049bd9b4cbbf0cb1edff3f2135325e27a5e97b39f74f9
SHA512033ee14b3e62c6e23fdca47dbe4ef4e6dbaaed45dbea07b8dae1658ce6cd3bbb4e0152bf60614a547fe80737d8569fa3a631f95bb1f63419dcc1c4c02465dd3d
-
Filesize
216KB
MD58f303c2de63dbdea54d8a199882793bf
SHA1975bff9e3c24790177b4bcb18b2ec7d9cf1b7554
SHA256050d4400ffc69a7cc88049bd9b4cbbf0cb1edff3f2135325e27a5e97b39f74f9
SHA512033ee14b3e62c6e23fdca47dbe4ef4e6dbaaed45dbea07b8dae1658ce6cd3bbb4e0152bf60614a547fe80737d8569fa3a631f95bb1f63419dcc1c4c02465dd3d