Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
18/01/2024, 23:28
General
-
Target
2024-01-18_df791a96419e19c6634fd1dccd7ca66d_goldeneye.exe
-
Size
197KB
-
MD5
df791a96419e19c6634fd1dccd7ca66d
-
SHA1
add891511bfe7f9ae9e8e26c4a248193487895ed
-
SHA256
88823641a1cd1e9989acaabd71dce2a1c2297e5a5075c323bef6feb88e3555cc
-
SHA512
8f7b06adda8bb3a3010c808c3bb8db6a720249843f0e5f4b1384bd3431c88c4c4b52fc6550e5dbc38f972280bdc4577c56d2f1c59bfb6691db2625497a482583
-
SSDEEP
3072:jEGh0oyl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEGUlEeKcAEca
Malware Config
Signatures
-
Auto-generated rule 16 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-18_df791a96419e19c6634fd1dccd7ca66d_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-18_df791a96419e19c6634fd1dccd7ca66d_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4A9B6652-6817-46c2-9D65-7032906C3F25}.exeC:\Windows\{4A9B6652-6817-46c2-9D65-7032906C3F25}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4A9B6~1.EXE > nul3⤵
-
-
C:\Windows\{DEFD62FB-BFF0-406e-8C32-3D1AF9E08EE9}.exeC:\Windows\{DEFD62FB-BFF0-406e-8C32-3D1AF9E08EE9}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DEFD6~1.EXE > nul4⤵
-
-
C:\Windows\{20015EEE-B113-4839-94D0-556015DB0B44}.exeC:\Windows\{20015EEE-B113-4839-94D0-556015DB0B44}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{20015~1.EXE > nul5⤵
-
-
C:\Windows\{F7799EAD-EB03-4f22-BA59-779DC36D49DC}.exeC:\Windows\{F7799EAD-EB03-4f22-BA59-779DC36D49DC}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F7799~1.EXE > nul6⤵
-
-
C:\Windows\{D6CD30FE-92D8-4c73-8A7E-882D47820A6D}.exeC:\Windows\{D6CD30FE-92D8-4c73-8A7E-882D47820A6D}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7CD04AD3-D4D8-4228-BE87-C21EBA4B0422}.exeC:\Windows\{7CD04AD3-D4D8-4228-BE87-C21EBA4B0422}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7CD04~1.EXE > nul8⤵
-
-
C:\Windows\{B357AE8A-2157-4ae4-8013-1741C81CD59F}.exeC:\Windows\{B357AE8A-2157-4ae4-8013-1741C81CD59F}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B357A~1.EXE > nul9⤵
-
-
C:\Windows\{7B8167D4-96B6-431f-89C1-4CA17486BABF}.exeC:\Windows\{7B8167D4-96B6-431f-89C1-4CA17486BABF}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{91119144-BA47-4a71-8A15-6419EB5C4D99}.exeC:\Windows\{91119144-BA47-4a71-8A15-6419EB5C4D99}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8F647DFC-2750-40cf-8DC5-16BE065F00A7}.exeC:\Windows\{8F647DFC-2750-40cf-8DC5-16BE065F00A7}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2C94B436-AE81-4e74-93A2-9D287686F5C2}.exeC:\Windows\{2C94B436-AE81-4e74-93A2-9D287686F5C2}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2C94B~1.EXE > nul13⤵
-
-
C:\Windows\{F0980F49-B17D-41e2-8B67-A25FAEBF952E}.exeC:\Windows\{F0980F49-B17D-41e2-8B67-A25FAEBF952E}.exe13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8F647~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{91119~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7B816~1.EXE > nul10⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D6CD3~1.EXE > nul7⤵
-
-
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
197KB
MD5653c7da224b050d8bb4efcc48dc46235
SHA1135345d4d2cfa5493a0c8b9b4af63f764d765f32
SHA2565109a9b21f1d455735f05436fc8b4bf90e90a5c70ccb59e303ae752fc0c19094
SHA5126e7cbad54a8fc985282157d4b306101399fdab719cd5a601517a2af4bacb67805310922db08d7119ce6eb67d8164f59566f0ffb826cd8051dbaa3803cfffc7d9
-
Filesize
9KB
MD5495d6f760d8a339e3b49bbce35db1029
SHA134591c014786b24543840b16de2a68a773a700e2
SHA256f8104f50f203a03199dcea1b1640fb3c66fe94771d7ff79c921f49a72abb9c4e
SHA512dbc4b4d8b5a2c68ce60a50828568bb1c6eb2f096aaf26167e3acdd4e11fd77be6e5d16767cfe9e2ebfec67cc89e3044b18dc69b5190c64bfab924ab56f7531a0
-
Filesize
197KB
MD5474a8e824c92abd005f3bb5181c63618
SHA1d9bf832f1793e0ae4e95237e25b0dedc3394cfec
SHA256952ad1c656096063484935ff98fc004ba138242eff84aecf2253d81b05a60e90
SHA512ab90c00b2b3347b5e9d49af057c7fe7460b7319503dbdd450b69c2e76e9906403370a8ef0a4c933c23561f24e736b7d16717faef08101e0d4634425feb4524c3
-
Filesize
197KB
MD58e10d9ef84236a635cea3787656ac157
SHA17ca06a15af176c5638e59087ca36c8bdac5450ed
SHA25692e21ef9d9dcdb1c632c1bc4e07740c846d645db58bac9d4ad94515a32e4c401
SHA512c9eab893967e71e27ef780e8d0b0ba18355e7b36bca51cf63b80c49b702ddc860b4e5fd996b94c32b75665065be0ad27f8e700101a657217b45ffb235fc36785
-
Filesize
197KB
MD5cee8cac4b00bf086efa700ed5ab3c1be
SHA1cf0bb079a39bc548b4da7aa6b33b7425954e332f
SHA256c15bc4a779ed6fa13be796eba2ae8b05267c2de0ebc894f2a4cd0a0935d15936
SHA51212d65602f5c6e210cb052feb6867baae7bb943dc804c7aa24da74f21557e0d12ca301222fbcc48b010b1228d2a57f4380b9010f42b6fa20ccb2585ffa52b833a
-
Filesize
197KB
MD53cc13df2e02cbdfdf0f7c87ce1f2cee8
SHA11d79c7f92c1c4ab3103f0372d3aaa5445d35b1c5
SHA25678f1cc0390923a397d16d4d62d930374482b453e2bfd65747fc2b4a87127aa61
SHA512ccbdd30e14a8121265a535273ac9cb6767cd53e9287a9a46cce6fc1e1e107c00447056b341819ad2ea9a0fa3c8b4e85cb257a646bdd4b995870501850880780d
-
Filesize
50KB
MD5d30dab0062adbd50520c6d50e386b9d8
SHA1fab5f567e547ba08a4299cdf4504baac9c4ebcfd
SHA256a6c1e52b3e1cb23d605c36b99569eaa6c0943117d0faff6b238ba60c672bf04c
SHA512fc421215eadd09e810c255396d99fb7e94c18c1509587f479fdb6ecc18ae89b6f4d51f75af522d1de3e7908cf316c9966a3cf22134b586f4b2eaf19fae43416d
-
Filesize
161KB
MD5570ef701fcb6699ba0ab46a7ea291a0b
SHA1fa5b007593b5f1a99ac8dfd03582227ef0ffce59
SHA25627e9ec9f124ab2566b93d83195fa49be2b44c188438c844433e828e0d439cd57
SHA512d2f69defc048dca9c2fe7c215d7b79b46520b24118a19c45162a856b9b10ee37eeb664bd24c500c748478930b871e95c499dfc7125192ffc5c2f909df900af70
-
Filesize
197KB
MD5700bb0944bd91a1cf05c1891c9e4ec0c
SHA1f9bed33f44384623000aaf71b09a3d9496b2fd2e
SHA2561761ad44cbb76f9dd770d63add6c90468be1d4c3edebee1a1476b720bc991821
SHA51223269aec84763e291b53b0b61387bad761fb9523ea05f5ebff9641c5dd1e49021fb41180664957645e3c3e8710adf988bb1b9cc2890f346c9f413855d0b9b132
-
Filesize
197KB
MD5034686f71dcc5f8fcfb947c50fca8152
SHA140b9165b4d04d45a4be7e0c10c9ee1d55c1cbd3b
SHA2568c6af831291041d676dba9d95e73112c60c7851ae5c13dfdc496066719da5246
SHA51277c45a6e1c8df551aad246738e3fa3a93609203e796acc7fabacc9b7379a2e0d46e293fc6a4b82e349ac30ce158044b9ba3f597d8cc65622e993aaebc645fcbb
-
Filesize
197KB
MD57c8a0ff4f1d422c1b6ceb728098770aa
SHA1f6497e27c6e5e12e6a5a0c57edb46ebf76a04831
SHA256f840e2c12094a02df1219f6a177db43164f1ab297c60c41312bc30a4e562b4af
SHA5127aa411c696b78d359bdb1312f4e40978f0a1306547ad9cec1d7147e5390bd6214264c511ab257bbe6433789707605e2ad2cd6bcb583dd021f7dedfe50baa3828
-
Filesize
57KB
MD519795dc47b127458fbd7b1d1d093e182
SHA11340037ddbd78f0b364eccdb01128619fe164faf
SHA256231bb27287b74b4e73466abfe32d87fd31847d89f1ea916ee6e7bbed595a07ed
SHA512c07ffacf12ef41e1561c7ba056aa44e23c6a481dc736dba5b5114caebc22410ba390581f3bafdd2f7d57afb30e0112002b845ce0aec3efc6e42cf5de01010b73
-
Filesize
11KB
MD5906e04706ab3573908a6aa583a546f34
SHA1d01060d5a6466e28df9f0f46ee43261bcefb8ca3
SHA256f97a763d13f99df43f7afaf0dde1995bcf0d5eaa1e4bcce9e86a98e01b415591
SHA5127e109510acf39f2b45650451f04b0c62f9ce7c1086a57c032be67992cdd6e07d50406bb9a0d7365450ff8cedb10b069640ea990bb63316fdd27c6fa0400cb235
-
Filesize
197KB
MD5f3c7b0723df3dc9e0b1eac4ba2759436
SHA1e00861883a469b0244b9d02b021ec14e2707dde6
SHA256b19d1e13958f4216bcf2492cf10b8a386c1e7a95f3ccb3255adbaba29ca74813
SHA512f899cf67c7ffdc673fb7db328c0dc7fe35e8b2752bf73c36a310f306ba0c3e9af457e8cb502b16c00dde36b682901e840abf04e48bf635d043f2f5049ddcfa7b
-
Filesize
175KB
MD5de163b95fec44ff24a3b96f77d8863ce
SHA11a00be4c91ef916e0c31b0a39b8e7818ecb5e4eb
SHA256a8db7ab481de684ba32aafbb6028fee2415b16498c79f76fea44402db04c4085
SHA512a23f7c673474a6794dbb0d03532a223cc6d345f90de14f7d0f9bf97b21be2af04b15a66beca44a90a800bdf5d26f116db9ffca0cebd3975d0c7d662d02175593
-
Filesize
197KB
MD5b803848b6753faf1e268870135ac517f
SHA1c0c0abe835d65cc9e0f99393823ee21dc25093fd
SHA256200ac50f4e3a813e94f1148dad54c332afaa64defe8fb1fc3a8728c05c971df3
SHA51286cd9d4fbc0e595e964706493f96de087e2f8775604b22346900196fd266682d91c81fcd61994fa7e9373e3d2f1a08ecb17340f8ed0ab47671d02a844225ba91