Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
11/01/2024, 05:50
General
-
Target
2024-01-10_5e2f5924e8e7b011f89e6486a9e07f3e_goldeneye.exe
-
Size
192KB
-
MD5
5e2f5924e8e7b011f89e6486a9e07f3e
-
SHA1
f1681304f8a245b5dacc83c715254f2b633c3865
-
SHA256
7f7802586d8a8472c44d6c32b1e5d1f146e98721b98df9e6f626bc904fd35d58
-
SHA512
6f7222fbccf0494ceba3abede9813576fe3563f6ef00bb0b619980472f4a031ae1025c5ee8739ac02463f847152108ef1f8aa467544a954b89ec18c8e8194c8d
-
SSDEEP
1536:1EGh0opl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3H6:1EGh0opl1OPOe2MUVg3Ve+rXfMUa
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 22 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-10_5e2f5924e8e7b011f89e6486a9e07f3e_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-10_5e2f5924e8e7b011f89e6486a9e07f3e_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
-
C:\Windows\{9D73BEF0-1A59-4433-9EBE-1F1865A68BD6}.exeC:\Windows\{9D73BEF0-1A59-4433-9EBE-1F1865A68BD6}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9D73B~1.EXE > nul3⤵
-
-
C:\Windows\{34E36A90-1977-4111-ADD7-A6277D260AA1}.exeC:\Windows\{34E36A90-1977-4111-ADD7-A6277D260AA1}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{34E36~1.EXE > nul4⤵
-
-
C:\Windows\{53E0B365-0BAE-41e9-8C3E-568492CB6FE8}.exeC:\Windows\{53E0B365-0BAE-41e9-8C3E-568492CB6FE8}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{53E0B~1.EXE > nul5⤵
-
-
C:\Windows\{E77A5FB9-6C36-4401-AEB9-6E9F19F2A808}.exeC:\Windows\{E77A5FB9-6C36-4401-AEB9-6E9F19F2A808}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E77A5~1.EXE > nul6⤵
-
-
C:\Windows\{2DC22776-7352-47a5-A32B-2FF61C01BB14}.exeC:\Windows\{2DC22776-7352-47a5-A32B-2FF61C01BB14}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2DC22~1.EXE > nul7⤵
-
-
C:\Windows\{F24331FC-DB05-463a-A6C9-54AE0DA838ED}.exeC:\Windows\{F24331FC-DB05-463a-A6C9-54AE0DA838ED}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F2433~1.EXE > nul8⤵
-
-
C:\Windows\{A2CFF69E-7355-4ba7-B659-8B7BCF5BC4B4}.exeC:\Windows\{A2CFF69E-7355-4ba7-B659-8B7BCF5BC4B4}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A2CFF~1.EXE > nul9⤵
-
-
C:\Windows\{9DB733CF-544B-4082-928E-22D246F1818A}.exeC:\Windows\{9DB733CF-544B-4082-928E-22D246F1818A}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9DB73~1.EXE > nul10⤵
-
-
C:\Windows\{D21C55A5-E2A1-426c-9C47-A38BDB02A000}.exeC:\Windows\{D21C55A5-E2A1-426c-9C47-A38BDB02A000}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D21C5~1.EXE > nul11⤵
-
-
C:\Windows\{88E0ED01-6697-43b0-88E0-130FF95B1F7E}.exeC:\Windows\{88E0ED01-6697-43b0-88E0-130FF95B1F7E}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{88E0E~1.EXE > nul12⤵
-
-
C:\Windows\{4B4D47F7-E4A2-4365-B018-2ABD4FEA80E1}.exeC:\Windows\{4B4D47F7-E4A2-4365-B018-2ABD4FEA80E1}.exe12⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
192KB
MD5c86e03a50c5cb58b578f43df1bc123d5
SHA153028ddff4af0e8bb3243e6969026b5eee74b6e7
SHA256904d83babe7eecaa7348c3ada890c9435c6c196cf9f46705715a31d2b05eefd6
SHA51284bb2602020f87a23e1b2dfcf80bb68f8a921ac374e03c7f5aa587c020db33c1bc91b61398678a58f063b85e5fab888bdd86b1f620691fdc19aec1cbfe72a6aa
-
Filesize
192KB
MD526558a397d47086d3f1fc73cc13e5060
SHA105171a51f180c49a68fed1730ae64850516471f8
SHA256dce3cbb7aa247b6cdc7b133f6c4c6c5ad824979417e102e2c34b4bdd28a8f573
SHA5122573a7a9bf8968ccb898e86df0c0fb05c2a1afab41371a8829ade98c6ef1f217b2b6beb44626018cc40626ce28f0f1f781a14b274881e4d670be9ed81f5790e1
-
Filesize
192KB
MD58ae85683a3fba501d43819d6d5cc52a2
SHA195166672fd3f90ce469ada385ddf4c768ce5d10a
SHA25636d1613f8c341bd5210224648120bf2d1438a83f0a97ca381cdccd8a82a24028
SHA512856dcfc1b60d1ca8397aa44d28a9676bd34e9f7e2610a400b431622c0dab2100e70a049dad0bf9d9f19be1bb8c595625e7777787f9082ea8ea7878bd32b52b04
-
Filesize
192KB
MD548461a32be69db512265fe6d0e974656
SHA12d4ebd9712404e6fa41681125a6b307cf2a076e4
SHA25618432707f05c1ca3fe693eae24883ac7607f9949304cf5d61d9a25cabe4a85a3
SHA5126a980a753ad8f738d8c90b3135e2aca3bc92682ed3c789452de291b6cb6bf22285ac36fefa42ca9e1604c0e5d0840d2c80537356fa300b20c3f63aafac0c32f7
-
Filesize
93KB
MD52f99fe8b6d3d952d0da57e9fcbaa0c93
SHA14655aa69ef631f03838c0ba5b58398f66cdb753c
SHA2569f6dd9d1669ffcb193c316e0c5af8d1b9500996a1b110a9ec67333f89be6d1f1
SHA512789f943b36c3814432e573c8663afbcd0862c114d6c3ab352bdd3fd54888e0e2f53383703139942cc3fefae469f1ea9a23561d6719addf94d0533aba4faae34e
-
Filesize
192KB
MD5a2a0cfb3d38a4b2fd9c949b79577606d
SHA1037a6bec20306ad7a37865882a639455bcac8dca
SHA256bcf7e0934eb777df3ac00c4f638f2913048be3fe5866cbee6aa64e9252952fda
SHA5120563abccfcd150054af54c98a6ed62c7d77d38f454a2548236f9a3c1c937a02903eaf8b39bde1ad7498b08cb623edad8533defebd765f2eb8f1ea38a1c91cdca
-
Filesize
86KB
MD574c8e1888072687c65b872536789ee58
SHA1b4db19cf9e590be4561c579ba737ad6fca03d523
SHA2567050a90141a5c10ac51eedf9a5ef64c3eb290f777310bbff60928e60ba98f961
SHA51211bc97b5b451d7f2e71a5ea5f400233d7b87e3d41174c7ca5970e1299e9c54bd5762a226e89e76e3cbc1545f2aa8bf1ceef8c737e0dd0cdc51cd00be6f0f0995
-
Filesize
85KB
MD50e50241b2eebfc970029df5782c05abc
SHA1309e5e86e460de776f9f1909aaeb126236ae97e4
SHA256910fcc1eab7368545c64a640011ed27aab63938046c48d8c4a374c24c2474056
SHA512813cdb54030881d36f0b08d11a125511955c5690f7c377c1dfb5a4b7a1866bf55b37d8674feaf97cb2612fe294720c9d9035374a7ac50ddbbdb4827c625aa649
-
Filesize
192KB
MD5bd1305d787f418d2a06c694fc22d58bb
SHA17e51e24d4bce7b16b747d0c1faa1edc8aec850ed
SHA2561e9bee1b1b9625ae649be3f7f9c6ee8f00238aaf43b895feae2afd07ccfa7405
SHA5120bf41cde4d6463d0394349683cde67ec50cc18047d56f4f9f4394cc12bb7cfaf3996664f6e8a825b6fd67b344fc622753089669201b85f4d6bf1d014f9ffbcc2
-
Filesize
192KB
MD502d4ebe80a53d44678e529333a3b4f1c
SHA1e1ada217674e8864c9bb5dcc3593de94c4782a3c
SHA2565b4a74d6043b50526f03398ef137d0a05cc880e358a39ebef79ab226a65b9499
SHA5120424fd63693901132034d04b6e68bdb7c7056378dfb4ca46670ab3b4542933b76d680a1dfb0ddcb2cb428dcf5224486f8e0b06842372ab8fd417f75fae7a8b52
-
Filesize
192KB
MD560b2c0914bc659beef95aa5d8b4df800
SHA1c8b1707ebdbbe4af9f1d68cfe78e11ab41121c81
SHA256f10156afa6de9ac1bee1544a105b67a0e0bfd12bebd7da1654ce620e2e6610bf
SHA512f6fa44939b0bf1b2b78ba944e07d68a86efe55dc6cc95e938fefad253a985e8afe58e8599bf30fb8a411ff9fa58875c139018b80f8bda8aa3fdc066e4b304d7f
-
Filesize
192KB
MD5e1da11539b3b5f785980de225b5a58ad
SHA15f75c6e131dc0e4d5154ee268aba15cb7a071c1b
SHA25639c7d2533b84f635a01fa4b1060783182d6d14946a58329a19fec3cbf2f638f7
SHA5128415035df3531bc14be649b2b053ea97c36194ba075935a92f7aded94479a600971b84641a3ddc1e677776ea5b2574ff985e50d32a5914dd5db4593d4f1babec