Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
63s -
max time network
107s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
05/01/2024, 05:48
General
-
Target
2024-01-01_b0bc7bff58787ec7beb45155d3d49acc_goldeneye.exe
-
Size
192KB
-
MD5
b0bc7bff58787ec7beb45155d3d49acc
-
SHA1
fa2254804db93f7035ff8b009929cee4eee176de
-
SHA256
982f72417d879885855a2ee5df32c587dcdc7019227f83869d2a81982f0f5eda
-
SHA512
93a18f35869f1745afd56e773aeda31fc8a98d29d87a86a8fbd81fcaca7c97664a9a6daaf1c069b5eb7d19048649aafdc36aeb073f9006ca8a038ac88e9b9230
-
SSDEEP
1536:1EGh0o2l15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3H6:1EGh0o2l1OPOe2MUVg3Ve+rXfMUa
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 10 IoCs
-
Executes dropped EXE 5 IoCs
-
Drops file in Windows directory 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of WriteProcessMemory 30 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-01_b0bc7bff58787ec7beb45155d3d49acc_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-01_b0bc7bff58787ec7beb45155d3d49acc_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9467132E-8DB5-4ef2-8D35-FBDB5E3A30A1}.exeC:\Windows\{9467132E-8DB5-4ef2-8D35-FBDB5E3A30A1}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{94671~1.EXE > nul3⤵
-
-
C:\Windows\{13E7B173-A794-4611-A3A2-23486B43F8DA}.exeC:\Windows\{13E7B173-A794-4611-A3A2-23486B43F8DA}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{13E7B~1.EXE > nul4⤵
-
-
C:\Windows\{139C7C7C-6F7E-49c4-9566-35614ED9CDE0}.exeC:\Windows\{139C7C7C-6F7E-49c4-9566-35614ED9CDE0}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0F7F5ADE-93FB-4f4b-A196-311B6679BB4A}.exeC:\Windows\{0F7F5ADE-93FB-4f4b-A196-311B6679BB4A}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D265360A-F07D-40bf-8E6A-007C86DFFA0F}.exeC:\Windows\{D265360A-F07D-40bf-8E6A-007C86DFFA0F}.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D2653~1.EXE > nul7⤵
-
-
C:\Windows\{0AAB8A54-E823-43db-8069-10EB684CBB0F}.exeC:\Windows\{0AAB8A54-E823-43db-8069-10EB684CBB0F}.exe7⤵
-
C:\Windows\{46674780-AEA8-4b97-93F1-B193424DAF8E}.exeC:\Windows\{46674780-AEA8-4b97-93F1-B193424DAF8E}.exe8⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{46674~1.EXE > nul9⤵
-
-
C:\Windows\{E845E29C-5861-4bf5-BF3C-7F57AE5BE384}.exeC:\Windows\{E845E29C-5861-4bf5-BF3C-7F57AE5BE384}.exe9⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E845E~1.EXE > nul10⤵
-
-
C:\Windows\{75ECE747-CF72-4e60-BA11-10E67BAFC8F5}.exeC:\Windows\{75ECE747-CF72-4e60-BA11-10E67BAFC8F5}.exe10⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{75ECE~1.EXE > nul11⤵
-
-
C:\Windows\{56A41B04-962B-4998-8F8C-48751323F2A9}.exeC:\Windows\{56A41B04-962B-4998-8F8C-48751323F2A9}.exe11⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{56A41~1.EXE > nul12⤵
-
-
C:\Windows\{5644DF50-9464-4369-8D6C-1D359FFC4174}.exeC:\Windows\{5644DF50-9464-4369-8D6C-1D359FFC4174}.exe12⤵
-
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0AAB8~1.EXE > nul8⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0F7F5~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{139C7~1.EXE > nul5⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD5198c3c0b4fd73918aebca7717fba5730
SHA1a25f1a366379582cb8e4c001003d689457caccdd
SHA2567a55bc192800885933e2e38feba5a253e00460ab2e5ac6c3d99167bfe3632674
SHA51212a03cc383caca11ed0462fc14b3a85ae6a64aa6d6b662ee587d4c00cf682f985e49728f63dd2926c20423791acf6e8a5742e05d62da8a72a5fc185b6f46299b
-
Filesize
18KB
MD531fb1b3706d00a93e568cb518d79dea3
SHA1a748523d6c3b35360cf86fb0710d9f9f240e6cf2
SHA256f1b755ad17eb4f1b929a989514b616afbfd2ded6b2c5bbdf2be1da3f9c4a1661
SHA512a6d026006297dccf0713a7397d12b92397a14fe989f04b1b2ccc376580ebb015089bf167ff35f3ec75f81fd9f97b59e9181f767a7114973eb9d873d7c55687f6