Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
01/02/2024, 22:24
General
-
Target
2024-02-01_519a9ee44e1923b099f49d5da225601d_goldeneye.exe
-
Size
180KB
-
MD5
519a9ee44e1923b099f49d5da225601d
-
SHA1
a16736e2704c5fcbae6df7ed58778d0794e597f6
-
SHA256
f9341249d04a4d712c8a6d7c248ffc28e8f2f779c41f416e8a5c9876cb4aa46a
-
SHA512
38342e8c2a166b541f23e3050412f88b4bc316c91fa98930fea02491981fa3280128425fd699244f0c558a2f196695da11ec6998da75de638358e189490d52bd
-
SSDEEP
3072:jEGh0oblfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGNl5eKcAEc
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-01_519a9ee44e1923b099f49d5da225601d_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-01_519a9ee44e1923b099f49d5da225601d_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{91A81D3E-4F20-4bc6-8647-E31A9C0D7457}.exeC:\Windows\{91A81D3E-4F20-4bc6-8647-E31A9C0D7457}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{20A1DADD-4208-4e76-99B4-A0283343598C}.exeC:\Windows\{20A1DADD-4208-4e76-99B4-A0283343598C}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{20A1D~1.EXE > nul4⤵
-
-
C:\Windows\{F00DFE07-1AAC-4661-B06A-CBC2D1934867}.exeC:\Windows\{F00DFE07-1AAC-4661-B06A-CBC2D1934867}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{974A254A-5F7B-40d7-961F-64A0B70CD361}.exeC:\Windows\{974A254A-5F7B-40d7-961F-64A0B70CD361}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{96E4183F-6704-4eb0-91C1-F59079FAEC28}.exeC:\Windows\{96E4183F-6704-4eb0-91C1-F59079FAEC28}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{85D8B6D9-84DD-4812-90B3-71F207D97649}.exeC:\Windows\{85D8B6D9-84DD-4812-90B3-71F207D97649}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{32467808-3A43-415e-BE33-760DD2A5633E}.exeC:\Windows\{32467808-3A43-415e-BE33-760DD2A5633E}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D67958A6-37E2-422c-BA33-A679EDE06C25}.exeC:\Windows\{D67958A6-37E2-422c-BA33-A679EDE06C25}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D615C0C5-C6DC-41c1-9857-2D50DE674A06}.exeC:\Windows\{D615C0C5-C6DC-41c1-9857-2D50DE674A06}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{75A2A211-F884-4e8f-98AA-17D59084A6D2}.exeC:\Windows\{75A2A211-F884-4e8f-98AA-17D59084A6D2}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{75A2A~1.EXE > nul12⤵
-
-
C:\Windows\{0153F351-D99A-460a-8131-5A798078E206}.exeC:\Windows\{0153F351-D99A-460a-8131-5A798078E206}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{3CAF6CC4-BDE1-4e9a-AF48-AE126069CAC7}.exeC:\Windows\{3CAF6CC4-BDE1-4e9a-AF48-AE126069CAC7}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0153F~1.EXE > nul13⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D615C~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D6795~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{32467~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{85D8B~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{96E41~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{974A2~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F00DF~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{91A81~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD544a08503c841eea25c6e93942780fc04
SHA1d1b11233b86a4d75b8f5a4c56fe6fe4a72ebdbc2
SHA256d354770e4f27b21e5d8a8bdc94ea6664cb212e284540937a57eaa929a0e5413a
SHA51292b2112aa4f0d82950f9a82850b6bc424674e7d3088004f497abede432c1e32a74633506fe74dd921d3c06e3b763e9f26f5d1f0f52b622b8d5bdf1f1d196e699
-
Filesize
180KB
MD535e4775017166c91600b12335c4cf932
SHA14501bbd966d79d77c857cdd807bfb7651ff10a32
SHA25653d2eb776519ddd46e3f4850586696d696102d4eae795926426b836768f0e9b4
SHA51296fa10eca97c9536738011a070dae95b98fd03275417e538c05f54b9b4fb2795fddb3eab19b1db8c2ce211f118cfceef20efbb17b83901fc1387eade633f8781
-
Filesize
180KB
MD570daee495c063816f4e6603d3bafd01f
SHA100337d1bb5a77ce17f2b127c57d6237882141896
SHA25636346e64137840b757492e1fda6b9eb65f5f6f35dbf16c8e187c1c0b5477c342
SHA512abeccef1f9efe3d014fb8190644c4d0e1f1bcfa3799ad5f5b6284700bec9564fc0ac5ac68cb9b8da4b772cd81615f0b3b020f35047bd890e09757259743599c5
-
Filesize
180KB
MD5488d5234adc34a3f9d6ef6ba5f0c4749
SHA146fa6dd7fb0dcd8da3f3d9ae67bc81e957653c28
SHA256243dbdc1e7ab0db9a9e146f850a596d891cb925b82efab13708e9e6513eee87b
SHA512b145bc7056a915bc675b130dfe02a0a149afc019caf7097c5151cc3ffe3b28835aa6561f6b4c49b4ab3752a331a731bcdfecf66ec5142f2af628a71a65dfd3a0
-
Filesize
180KB
MD5ed36152cfa220640040e274a84fb687d
SHA13b114dca526862e61f8e2942a24445d086fe4496
SHA256ea397eb4535d1ed88f2892fc98da3eb55aad0ac624b25faa55b1ec04adf66e46
SHA512e849e9c02cc2ac817d6722459bb7657a751fb6ad4a42713a5ecad48a2aa3648ebef1d12015169ee4b47713f3c834d6ab804c80be8fa3837872f4653a8db094cf
-
Filesize
180KB
MD539c63dbf865f78d0586b62878c31bca3
SHA148e696637c5b7ed6c39c18183cdabc25f3d03810
SHA2567d1c48fc8418f13aef69fec6bd5f5984b4b2d9927826048a66c3d5ae30f92732
SHA5122e24b0a783979b64ca5b1fa548a67529b9bdd9f232376d1c593e922bbc9c089b0b81ec07326cb8fd8b517a831542312e8d901b4826314fe56d556609d12e784b
-
Filesize
180KB
MD5ef1c363993b4562b4ba64ed4ad696269
SHA1a1b3fd529a4a15d524ea60efdcedcea843b9488d
SHA25636bdea6c6888b686feb12fd02b6ac1a9f20eacf2f9a59dd9f6c42c237c806bfa
SHA512c84bbea51613dcb3e791a929a1aa9d00df0fabc50117dc91670c07f959e7d16d21319698137052b7d9353e9f8b81f1f583a75e4b9411086f61b95e2d1c2de33b
-
Filesize
180KB
MD5851f65837c0e1134336027b9dd74dd6f
SHA10ff1b09e451b3328d634ecdf90e800ecfa9beee6
SHA256629e268c969471015bca6fc1a8a188a76997603226c1be5cf0da7ba2b518edf8
SHA512622a75f88974f8afe60ec29a0e1fb0f5f14c36eea3fe3d53f3069d8a10d347bdb93c17e79698827b214343cf3ec30cc718adf6f54f97c3e23841a41c66f7c5bd
-
Filesize
180KB
MD54d91236d0fd61bc1a8e7488f5b37d513
SHA1857c2c7505e1f07aeecd22780d4c0b63bd60ad40
SHA2560fe12d1caafe6491d3a2d24b87985e6b99c69d56104eb2f7c2d2c02fd120c824
SHA51289cbdbfcfadd7e145ddc0b3e9810db716498717bd12bda1ce0fc4bb2f414fdc7de399dc412405407e3cab0535ddf83779f15fda1f9aa60f69c29473e4a7bca5f
-
Filesize
180KB
MD58109d609d23d4cb9c1ba0bdc3626db81
SHA11298995c7665dd947953e8dfbbc71293477dc5fc
SHA2566d7d33bd7459188ca89d556ca6f20f54eb9033d892e206f2df9431670a5b91d2
SHA512e9d6a87cc35b43705f3951b17bcd51aa49a7fc959269c538c3decbf60a33617b831dbc7bf0048f7103ccb9969b2f46dea2de8663970fd666093ed5fd23b31754
-
Filesize
180KB
MD57e8314490daf4664571a91c3070640c7
SHA12f6ff00ef749dec4131c9c2c7d4e4993f9ab50db
SHA25622e2f02f30bba0ccf1b83cf674cfb44fb947623445b2b011dfe3c70c49a3292c
SHA512aa19df10f84556a8fe9e316fb67eaf93c2f9e3a594a3502a8eba3f6a33a8c6ccccb1fc9d0b48a5ecfecbc431f5e226e89663fd0068ef9e95c91898c6e2eb8b0e
-
Filesize
180KB
MD5a8264e122e7cbaae324665f04477fce7
SHA1d48cb23bc533e279e01a35f7661d38e73626a483
SHA25658397730d759905a90b6572b344b7e8564593a6ff9004f7399b5abacdb061d1a
SHA51239a39ac9d6e2cd9c3b50787ce86107761cb320bffe4ee70cd034ea72d3528f511b7a6869492c80978c0516e8af0dba74f985a1117a13dafabfc573c38130b145