Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
25/01/2024, 04:54
General
-
Target
2024-01-25_f495162d79908d0f44e3802b4f30d6ff_goldeneye.exe
-
Size
168KB
-
MD5
f495162d79908d0f44e3802b4f30d6ff
-
SHA1
24761d93baa01fb00e0937c0c2d848388125c4c9
-
SHA256
e135817364bb619c797be1cf321e92579387f36170b7d696d246ddae6e143ed8
-
SHA512
4cfa6b52b8dc629ae6138f0a0cd2aeedd21fa436b7c1083dd5de83c03e013a488bae371a231af24cd2307aedd7af14ed17354d4f92714953400eea8ee9206a34
-
SSDEEP
1536:1EGh0oSlq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0oSlqOPOe2MUVg3Ve+rX
Malware Config
Signatures
-
Auto-generated rule 13 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-25_f495162d79908d0f44e3802b4f30d6ff_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-25_f495162d79908d0f44e3802b4f30d6ff_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
-
C:\Windows\{08D197BF-A22D-4a2d-9AF3-3C62E1DB4AF5}.exeC:\Windows\{08D197BF-A22D-4a2d-9AF3-3C62E1DB4AF5}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{08D19~1.EXE > nul3⤵
-
-
C:\Windows\{17ED1227-E548-422d-9490-887FAE9871AF}.exeC:\Windows\{17ED1227-E548-422d-9490-887FAE9871AF}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{17ED1~1.EXE > nul4⤵
-
-
C:\Windows\{3B3AB392-9EF5-4a66-9818-FF0C44688AB9}.exeC:\Windows\{3B3AB392-9EF5-4a66-9818-FF0C44688AB9}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F2664A9A-C0EE-4356-97E3-6EE47947A2C7}.exeC:\Windows\{F2664A9A-C0EE-4356-97E3-6EE47947A2C7}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5005DFE4-5E50-4bef-B6D5-901E5269763D}.exeC:\Windows\{5005DFE4-5E50-4bef-B6D5-901E5269763D}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5005D~1.EXE > nul7⤵
-
-
C:\Windows\{26990CDE-DB35-46e0-BDC2-0B1D18E52EFE}.exeC:\Windows\{26990CDE-DB35-46e0-BDC2-0B1D18E52EFE}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{26990~1.EXE > nul8⤵
-
-
C:\Windows\{2380C26F-80A2-4763-AB5F-FF425C28772D}.exeC:\Windows\{2380C26F-80A2-4763-AB5F-FF425C28772D}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2380C~1.EXE > nul9⤵
-
-
C:\Windows\{48ECEC00-DCEA-40b4-A8E2-AD2105C5CA7E}.exeC:\Windows\{48ECEC00-DCEA-40b4-A8E2-AD2105C5CA7E}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{48ECE~1.EXE > nul10⤵
-
-
C:\Windows\{F6DCBBA5-AE32-4625-80F4-A0735C5411F2}.exeC:\Windows\{F6DCBBA5-AE32-4625-80F4-A0735C5411F2}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F6DCB~1.EXE > nul11⤵
-
-
C:\Windows\{3DCF9AF5-6C7A-45e9-A7D3-258BDF08D449}.exeC:\Windows\{3DCF9AF5-6C7A-45e9-A7D3-258BDF08D449}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3DCF9~1.EXE > nul12⤵
-
-
C:\Windows\{A1A6CCD9-EFD5-4429-A23B-7627A89726F3}.exeC:\Windows\{A1A6CCD9-EFD5-4429-A23B-7627A89726F3}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A1A6C~1.EXE > nul13⤵
-
-
C:\Windows\{F5F120D9-9B41-4665-ACD5-C8215F43E084}.exeC:\Windows\{F5F120D9-9B41-4665-ACD5-C8215F43E084}.exe13⤵
- Executes dropped EXE
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F2664~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3B3AB~1.EXE > nul5⤵
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
MD5c3fc52cb8efe80a7790f47a2275bd473
SHA136a2faca7cad8a091e7b90ba6fe04bcdea61dc30
SHA256b75a66c6fd015acd04c4311816847974c367948d2ee2eb5457c792dd91fb486b
SHA5125b51c3d9c5c87f09709f74ee744a5144d281ca32c03f2e5c0c7159e908adea656adc0840566a9cfffd931d3b42b53a171aa0006d4ec25bb1b1255e77f40f1f8c
-
Filesize
64KB
MD577815dcaa5665ebb7be396f643d492c7
SHA15184a31c5fbfe0be25687ce39a403dc308bfdd12
SHA256541d40090cfdd5e3edf5f52de8d59c2d102247fd0bf28d2bc6bc470af7c4a12a
SHA5123b6ce836eaa5ec8ed446258efe76be69e670c792c0c85c8d12852ef0ed31e72d0147376a575b5cd48f2b7317ba8ae8e4153292389cdaa1b62ae79fcc18ec4c99
-
Filesize
168KB
MD5962b0db05b7743d7c0ed14f2231b73f9
SHA1156c91dc06f9f7d41be45d791af3385f12f7f747
SHA2565d0d6ca723cc142c19d1ae8aee1ccd914d96dbddb0bfce673b5ff08582c77365
SHA512e6cbe4e892cf74bb678c14a810b31f904b0397438e28fc30622fa5990b4b2b93e5fe60d62c26240489c3e915a7aa768ae264cefb6b7faf6c1fbca15dfe30d0b9
-
Filesize
168KB
MD5feb1dbb42fb75dbd5f2fd6deb91a4c03
SHA1fac0d2dd0b39d5e791be8146727ea4bed2320de5
SHA256e2f6ff3ee47deb41feea1d694c4b5bfb2a793b05a41b41ab6460360e0948c40e
SHA5120e9416692ca56013a3cc22b8a8740034ca7598ddb4ce66045ca5906d958cfc94098b31cc28d3154781f98bdc1fbce04b5f11c67737bab2f6ab1b05c5b42e9065
-
Filesize
168KB
MD5cfa37667dacd98b5ffce2ff488729711
SHA1c3eff00743baa327908fa89309ed920afc644f55
SHA256185885116afe3467a7b39732458755473b2b8a4d3ab1ee16fcf288b1160f52f5
SHA5128dfe0329be281aec66ae85e1a336c87fcc352ce9c43a68fc02b67219d1e466feef359ffa61b824b22b5a0d29052d876b1be9500bfd580e3ceecfd6ef121dea46
-
Filesize
168KB
MD5a2d9925b99d74e58f3ac3a3588b9d276
SHA1f2a8982f7d5c53a6dde6787e96689df4b3ed6cf4
SHA25657c1366bb9e087360bf6d019b0218aa01a8af99b5b393811e042b7f373ffa334
SHA5126006765fc408d108510246002985a783d08efd64c344ebfe75e1ed9586fb974f1a4d9ad65622c2d84c0f12b8bacd399e51582eea2e1f0605fa0ce9b5c4ea09c7
-
Filesize
168KB
MD5b2806c7c304c68d05aef51ed54cbf9cb
SHA199c5ea24fae58b326d4c65b65b54e2b5c8a97662
SHA256ef0ad466884699f32e0f880fa93a2794be4186dda745e442c697d4b254fb5252
SHA51232be7c2174d7d023fb0a0c53d3c04753bb3b50a6fd7fc36529332ad71e56161960c7a6b144149822ad6ce6034ebfef5a02a579c5beba804625bf07eac135941f
-
Filesize
168KB
MD5a89bb886c33a22ef0e7779da3e8348b0
SHA17c5ae1f7458d6eee9186767fa10d68e210a2438e
SHA256ce19e34adffb97e59d0dbe02fb110d66d46b4c35ae4ad0649d2757fac162f131
SHA512bc088fe9d359034d38e3823d2a418be58a76cb23a65df6123b68211980e9b960ec12680e0f76c0c3ca4c30a7ed9bc920f7acd5f2baf0495bebef7d47d828119e
-
Filesize
168KB
MD5e571600adf7af482121c93671975b4a7
SHA118074e8b25a8871b776f9d7a7e8676d62f574048
SHA2567af7651ff0236a913d711f6e734b1bf7f673247c34de0d6972fd48dfab1e861e
SHA5120c903e2694b4254e694669485ae49fe007574c3ab03a76d365af2bfbe5bf6269771aed8bb1d6360970e85ec72666f6a6eba4ab6642b969e2829be9ebd89677d7
-
Filesize
168KB
MD5d09cd2c7b89b66fbd665418dd45fe2dc
SHA172509de87aa3df57ae19ca4a66d392a7d180b063
SHA2566e99637ad9b9cf3f6c5b89beed881e5d5aeaaa9035bf0c41a89d52c9582be3b4
SHA512b28a6a3e4d39015d56b6c146f40c869b10aa823ce02ff62af24c83acc99f5d17bdf7a9395b9d446354fbecad984754953bf08c3c5387b33aaf52ae7746b09834
-
Filesize
168KB
MD5a8306604013293ea9ee787861d66d2a7
SHA161adcd0cede35769f8cdf7f752e5e25093baf132
SHA256ce9c390d2c9f0a3dec158a3b5eb965efa0c5ea414bfd42d9d36bee5c5c6e7126
SHA5125d7115804a395b5871959778e86d8eaad698b14579add8efc9b49c01d3f663c3f1f0d95f36bf44a5ce8f19295ff2046b2283084a2cca76cb5ec804ef3e53b6f8
-
Filesize
168KB
MD5853c365a5dc19774332b799abe3b21be
SHA1d49ae32e2e0fca777fc52022c991e59efe01867d
SHA25623e6052bcac88f4eb7bd9c7d404804eee913abc90e37c92349b3eaff496b4bac
SHA512b0a0bb1aeb2725a051f69da17b5c8c0244e5d4695e04a2b4dab4ca7c14d44c3e73d1c8178036569cae5f06fad76e45a10b9aae5cb99e47ee4b1df6f34024e550
-
Filesize
168KB
MD554397b5ef97aba440d7a0ce84ca81a95
SHA11c3c956c02bd0de4bca33cc8136cf3a80f82817c
SHA2569c6216ba98b05121821c12127207a910164008c62acf0869f9c43f66fadcadbf
SHA512c56cecacc6bd1eee02582984168506ba8138a751720e4cf7266297f98bb876891378efd553d5127312d7dc219ef40f8603aab96be14367a7e66039ac297c76f6