Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
63s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
07/01/2024, 12:08
General
-
Target
2024-01-06_3cd7da474f975728c7a6858e88bbc988_goldeneye.exe
-
Size
180KB
-
MD5
3cd7da474f975728c7a6858e88bbc988
-
SHA1
67462fb564581df2b43a5c34b5a32ddbf098e53f
-
SHA256
c2112cafa52cf87e7ae0ee50ec0539b87fc154a04c9b2070fef51fbf7e22204f
-
SHA512
99a94411e15648f18ad4faa61ce20e6a7603e7df358a980578639b0ee1c958fc3c3659774342995a5153a49a8e8e3e7232bdaa13e8968874af51af8de067a81f
-
SSDEEP
3072:jEGh0odlfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEG3l5eKcAEc
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 10 IoCs
-
Executes dropped EXE 5 IoCs
-
Drops file in Windows directory 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of WriteProcessMemory 30 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-06_3cd7da474f975728c7a6858e88bbc988_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-06_3cd7da474f975728c7a6858e88bbc988_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
-
C:\Windows\{622CD2DE-07FD-4e81-A57C-071F4E787517}.exeC:\Windows\{622CD2DE-07FD-4e81-A57C-071F4E787517}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{622CD~1.EXE > nul3⤵
-
-
C:\Windows\{29ACFC9C-A08F-410c-BBBA-75E576740E88}.exeC:\Windows\{29ACFC9C-A08F-410c-BBBA-75E576740E88}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{29ACF~1.EXE > nul4⤵
-
-
C:\Windows\{038E2DC1-DD20-4364-80EB-C8946AC5D599}.exeC:\Windows\{038E2DC1-DD20-4364-80EB-C8946AC5D599}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{038E2~1.EXE > nul5⤵
-
-
C:\Windows\{92DF545E-148D-4194-8925-F453B8C8A1E6}.exeC:\Windows\{92DF545E-148D-4194-8925-F453B8C8A1E6}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{92DF5~1.EXE > nul6⤵
-
-
C:\Windows\{C135F95C-13EB-4c89-9168-1050F1FE801C}.exeC:\Windows\{C135F95C-13EB-4c89-9168-1050F1FE801C}.exe6⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C135F~1.EXE > nul7⤵
-
-
C:\Windows\{FE46689F-5F91-432b-87DF-74C33381DC28}.exeC:\Windows\{FE46689F-5F91-432b-87DF-74C33381DC28}.exe7⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FE466~1.EXE > nul8⤵
-
-
C:\Windows\{0F195E58-DAD2-4ffc-9E11-1EEC85C46D02}.exeC:\Windows\{0F195E58-DAD2-4ffc-9E11-1EEC85C46D02}.exe8⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0F195~1.EXE > nul9⤵
-
-
C:\Windows\{52CCE7E7-94DC-46cb-AA87-15CEEB80AC6E}.exeC:\Windows\{52CCE7E7-94DC-46cb-AA87-15CEEB80AC6E}.exe9⤵
-
C:\Windows\{C2789AC9-69C0-4c72-830F-808C50F329D8}.exeC:\Windows\{C2789AC9-69C0-4c72-830F-808C50F329D8}.exe10⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C2789~1.EXE > nul11⤵
-
-
C:\Windows\{D364487B-A391-471c-BDD1-04105C2E8715}.exeC:\Windows\{D364487B-A391-471c-BDD1-04105C2E8715}.exe11⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D3644~1.EXE > nul12⤵
-
-
C:\Windows\{04A44E87-0A2C-4127-B9EC-D963735A0C57}.exeC:\Windows\{04A44E87-0A2C-4127-B9EC-D963735A0C57}.exe12⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{52CCE~1.EXE > nul10⤵
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD5f082c5d85596d5d70659c35ed7d06af6
SHA1336c99df82ba76a811feb5eb4ea0b9815677b8cc
SHA25687d573b42f5fe60e4ac3d830bf73898bced7139edb25575bbbc5b23f8f48be67
SHA5121c146ac700ab1ea8353bf79d89989cd54a60ecd14b990962f2ed57a987e27e59adb74d3e469d41c1896c925630988a2fd6a70b60194e03581d893cbf1963063f
-
Filesize
92KB
MD5b5a75a5518940776d5d638ae1da27137
SHA179e9ed045d665236cf1f31e2fd8e14585da231f3
SHA256218c61e5d58695b225691882f9bbbcab07b50d92ae5431268f9107661a01e353
SHA51235143fbb3e41a508532641785e544889c3d7ce562374ac7ae1412559097ec5830f3efe476a7c00338305e89b1849c2392c95860c44241ccb3fb5b19f53b2db4b