Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
13/02/2024, 05:16
General
-
Target
2024-02-13_d6bca638be27d6006bb3b2558e8a729a_goldeneye.exe
-
Size
197KB
-
MD5
d6bca638be27d6006bb3b2558e8a729a
-
SHA1
488da09abdcd0f5c389629aa18d69cb612906395
-
SHA256
ccfc924e49c1c1ec37335861308b0613149f962a781b5c09349ed103b89f83e1
-
SHA512
080d6e481f0f36ed898e6af5c33196b86d9e7c4eab8000425794f0229413c333d7f28656de1466d49fb30b6d5401803689779d5f75d907e109c8c21e87691305
-
SSDEEP
3072:jEGh0obl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEGtlEeKcAEca
Malware Config
Signatures
-
Auto-generated rule 17 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-13_d6bca638be27d6006bb3b2558e8a729a_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-13_d6bca638be27d6006bb3b2558e8a729a_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
-
C:\Windows\{284F07A1-2165-4eae-AD04-9620714561F5}.exeC:\Windows\{284F07A1-2165-4eae-AD04-9620714561F5}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{284F0~1.EXE > nul3⤵
-
-
C:\Windows\{BE7F113F-72CB-4f58-A4EF-D903A55BDD0B}.exeC:\Windows\{BE7F113F-72CB-4f58-A4EF-D903A55BDD0B}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BE7F1~1.EXE > nul4⤵
-
-
C:\Windows\{2E3AFD84-0F88-40c3-A079-12C840C7E3C8}.exeC:\Windows\{2E3AFD84-0F88-40c3-A079-12C840C7E3C8}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2E3AF~1.EXE > nul5⤵
-
-
C:\Windows\{23B8E389-594D-46c6-A053-15153AEE4F64}.exeC:\Windows\{23B8E389-594D-46c6-A053-15153AEE4F64}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{23B8E~1.EXE > nul6⤵
-
-
C:\Windows\{B2FDF832-5597-4291-86C2-4D65FA8FC2A7}.exeC:\Windows\{B2FDF832-5597-4291-86C2-4D65FA8FC2A7}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B1616A13-3A19-44dd-86BC-72C27C7CF672}.exeC:\Windows\{B1616A13-3A19-44dd-86BC-72C27C7CF672}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EBA55B8C-45DA-4839-9FD6-88D932CF9186}.exeC:\Windows\{EBA55B8C-45DA-4839-9FD6-88D932CF9186}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EBA55~1.EXE > nul9⤵
-
-
C:\Windows\{D0BB2B74-CD94-477a-BB9C-80F19F745963}.exeC:\Windows\{D0BB2B74-CD94-477a-BB9C-80F19F745963}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D0BB2~1.EXE > nul10⤵
-
-
C:\Windows\{2A9347FB-B0A6-44ef-B953-EFE12F70AE31}.exeC:\Windows\{2A9347FB-B0A6-44ef-B953-EFE12F70AE31}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1209A776-4196-4983-BDB2-9FF00A17D348}.exeC:\Windows\{1209A776-4196-4983-BDB2-9FF00A17D348}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B8BD19B3-BCAF-47db-B7D9-8EE3559A439F}.exeC:\Windows\{B8BD19B3-BCAF-47db-B7D9-8EE3559A439F}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{37F1EA66-7288-4933-BB6B-6EFE487D063F}.exeC:\Windows\{37F1EA66-7288-4933-BB6B-6EFE487D063F}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B8BD1~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1209A~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2A934~1.EXE > nul11⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B1616~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B2FDF~1.EXE > nul7⤵
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
197KB
MD5f440e40726f1228016900fe074c871d9
SHA1c5fc5ea83cc59b26c98d33f70a6429bb550c9181
SHA256d8a6c63233b356f9feabe0bf9cc316140329cff4d4826c15ce95ecfb8f49fc45
SHA512dd66a074805165ffd1bca2ac4d689ea3d44bea9a34b748a127848f4028ac569b61d1e699e5b993fcd7a6779145dba2340a9f064b080dcbe0d5aaccd96cc09e51
-
Filesize
155KB
MD56463bdd97d10944dbbec83dde5c56493
SHA1c9a6e1bed8a8c513dc5a32942148ebcd9a718a25
SHA25666623f59830fecdb5f56f40928fae5c461d73aace6d3fe99758caa76426191a4
SHA512e3ad37f7781c21215b340ccd858c4ba02f7bf1d32b7a7f14202077c44a9d70422c9dba7ecf7ed8de01aa40bc9e2bd3a7c01bf70f7d8f317044c8941383ddd40c
-
Filesize
132KB
MD5a125e13a33a5c20d23444bcaff851df3
SHA18bcf5bf5db6252ec0820485c3a706a85778bc820
SHA256c0f09725394c33235c1f40b57dc1a7d64a44198dc89b8c09f725a9788f6250bd
SHA512d3fb002df2b9a962e333612e1015d482a1e109ab64cf1d1205934102b3c27092d7bc92675e30ab8138abcb2e7bec288416d9dffc44acdfe8e69d884f60f7ddde
-
Filesize
197KB
MD526780e5866bd41fc81369f3b79f43934
SHA119fe17503ce773e1a89b10a40384e6829906fc85
SHA2568316d6d8179a1dafd2e839f65ca829dc8608d14e3ed22cc38accdd4a1473d9e3
SHA5120b032066d547b3b6ab9d59da4eba347b3ce146bf3d66ccc95b246d61a0b0fca7beb22e32e268f901977268755aab90013ec6634884240fef332df9e345c88627
-
Filesize
197KB
MD5ab85f11a2b2f63de78ae593425d002e3
SHA140d79c035cc63fc52559d934b6f881db9d672476
SHA256a4c73f076d684ff30ff0f9e906c09264b918d24e200743a044091dfb73b9a73f
SHA5127c24474107946e024a6d5a38962d2e5f93361bbd8cb42101aeba8ea4d673598862b610f3a3e686a3eb88a2698de747cc84fa2153d164ba6a5c2e8f973f886783
-
Filesize
62KB
MD523aa26b84f7068be0346f1225db19edf
SHA11e91b17ec58c6386d7b5af5e656a3c9a20980e57
SHA256fff106ea69057360986afd70e61c55f170412c9cb9e487a01ff2a0b8efbf0e2f
SHA512efeb3239e0781707e2d2b33c3e270530609c23100ef237181c1f7fb5a73e98f1bcc1fb662d8061edfc49378091dbaebffdd5ba2bd767b1a0198527819d8bb166
-
Filesize
1KB
MD54bc0c8a9188ba80b6b1d123f1538b01c
SHA1f970f1d1eb981593f5dce6c92a843c45a5c93db2
SHA2568d808b2a37d78acca7fb3cf18ce2a6c378433f6f09a1700955074eec9d0673ec
SHA512c9ee2ff3915c0df23c16a774bcd2e4a8584e4d938b10e998e95e7095975d88c825c7d1d681916823e64f9076d739769afadff629f6aa608e4e14a41b9d5b5bd4
-
Filesize
41KB
MD5047f2a1e78f252b4bae0be1bbf9159e3
SHA1e7778f889c875024aa4c795f41cb8c04d8bf9364
SHA25602526af39cd467ca86f0817833187df3e844130f2a208b5b60df84257f01ef81
SHA51212b213218e1dca08e13367604753d7f9a25d5247750dcc312245d0e87d76b66e0c1d0e0e4fe100ec9bf0f628027b5b1592679f45a597f711b159afc2d668e61e
-
Filesize
197KB
MD59bd0e14da1c138e26d60db6ff8e39204
SHA1a1cd711afc4da33ab703232ecbd70bf360787b86
SHA2561173b0208c03290f64f2a1da5be7832d7a55057ec8594309893dbd59ed75fcb4
SHA5121bb8ad057728c7e247404853c3d0592505aa09e63804fbc3e8be0b36b7879f6f669964a5ce0f6bebdd081c322298b7bc30f6078e551fde64b686c58945d6b056
-
Filesize
197KB
MD5d44c167bff5bd9c83accd88aa8248ba5
SHA1f69ca059a1ccf89b7486606a9e359710d92d1858
SHA256f9031f5a439e494a891c405a74b29f2a49e113c34ba75d71f67a701331e7ac60
SHA512cd288e0ea0edb892a963c8e15a03048349dc7d5c6c819a49d55abbd76d62dfec6949a70f58a994d71f633e624822f982eae6746c77b3a8d087f9b8aa74448eb3
-
Filesize
197KB
MD5f23ebb3747711d24cab6c99f9b485440
SHA143b44276f9ced3c970a1195b1ead9fc3973b756b
SHA25627d4611220567aeb06164cb337bac3c590d0b9dd040c2deb1257ec9b84322213
SHA512aee170ee7b5024e666663da7bffae744fd5b9fe9eab02f80ef244a00f99964352c4eb21ffac7da9359fea374308fd1bc203c46b384f3643be12566c899a9ec25
-
Filesize
24KB
MD5511a68197d5eb1704189055b49154847
SHA19d0c5e9878c765282510491c20de237506ac4d9a
SHA25691525ce1b9c80dcabb6c39c9b4339e8bf4270f7cbf676208252f56e983460284
SHA512fa485c3d7b07d54fb3f518c33a97cc1197539faddae59885c5a71a6418322c21106f5df1db348d11e2ad0a88424080dc244114644a683ce3daa763b63bc93867
-
Filesize
197KB
MD542f51482a80203ce87a4bb0c9c3725a5
SHA1f2f191033d539b2a761dd1f663133b09669c49bd
SHA25646f5cd683075c5abb232e6b05fbad69bcb6171b39b0492e9d0b04e4c822d3a4c
SHA51205593f73cf88cc76519383505e1ef63d75232bca590d83ec2f130c3669012d99589a73fa8e830e6b7b0a5dc949a6393bb11474e4479f376af95167caae4ddf3e
-
Filesize
190KB
MD583b6bc6967b7096491ec28b3195014bb
SHA18c0d1c52037156a3c7adf7b79432203503037860
SHA256801632fb2f42b6198a98b7a8eebeed112dfc39a7b766a44144de3ff33ab925f5
SHA5121c66c0606a995b254876e007736ce203cc82dd982678c13a1e9ec744bf9ee765fc4f5458f83e8d7b38a3cbc676b59711a6435a5229147c5b523e72f8190882aa
-
Filesize
197KB
MD5aa0a341b276e3635caedae885ef9dbef
SHA1862200df1047be92654df836b9bb61e5cfcf8faf
SHA25688bc639e5381b817c4f810f6937bb7a77ee552fb4b24da1abcb7efa4f03ec2f9
SHA5129d947988dc5685898af91e853bfacf4313f6cc6c75a5e9b83247df417d4b336b78f6a398e733cc86a542c6cd736af1dceadc92002dfb551a3b24bf3341906e93
-
Filesize
197KB
MD580166a9b6ed2b17d61e0843c858f5f3b
SHA1dd4b21453c2013b39bca8ec2af63c91f9843cd65
SHA2561ea979fbc9530afdd5b530a24aeb75f79b942b18b2e33b52bf96f70ce4301ff8
SHA5128846521985e3c77f282b6abcfe7f44d7a0244adafde4c645064a927e515953b2bb31791421c8a065cd725c83e772ec93bed28ebc5a48f6593dd4c4e92d4f3a09
-
Filesize
197KB
MD5e72500d82b4958b5f03b19fba803ca95
SHA162e970904b3dedb3a4405373bca9bcc737e14b36
SHA25684c51e17a1976afed8df4d553adcbd351e822b25453007f973dc6523ee0039ae
SHA51276ed33388115a8cbbfa926b491c47de9f35ff174a1e5bcd97701a595aa1d35a5a800ffc4a6dc8eb072be2b9dfe5b98159d86b87592d90fb7b126fb389dc32037