Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
13/02/2024, 06:14
General
-
Target
2024-02-13_de0e781a0c15e4170dd892d1b19a7b50_goldeneye.exe
-
Size
197KB
-
MD5
de0e781a0c15e4170dd892d1b19a7b50
-
SHA1
0870e8878eced1fc239c571df8f53d6e1695275b
-
SHA256
6106faba29992c3359e54dd8c090fefec00ad505f393c54088151402e4e06165
-
SHA512
0715005fe00e27c09ba963dce1f47b35e6b4891a170543aab05601935a2f7c5f98a1a20ded3fe185456db0144a7ccf455e3816c543bc30bfd82f273e53cf8005
-
SSDEEP
3072:jEGh0oel+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEGAlEeKcAEca
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-13_de0e781a0c15e4170dd892d1b19a7b50_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-13_de0e781a0c15e4170dd892d1b19a7b50_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DB275AF5-B502-4f7e-B82D-A72CA20DFEEF}.exeC:\Windows\{DB275AF5-B502-4f7e-B82D-A72CA20DFEEF}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1BE20AEF-93CC-4235-9C2B-84163A6CAD98}.exeC:\Windows\{1BE20AEF-93CC-4235-9C2B-84163A6CAD98}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1BE20~1.EXE > nul4⤵
-
-
C:\Windows\{6026801E-6015-4f86-AA17-97F0C9DDB906}.exeC:\Windows\{6026801E-6015-4f86-AA17-97F0C9DDB906}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C6772407-09DF-4874-8E00-54ED559D53AE}.exeC:\Windows\{C6772407-09DF-4874-8E00-54ED559D53AE}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{431F6BED-8876-48ff-A739-3B2B56667757}.exeC:\Windows\{431F6BED-8876-48ff-A739-3B2B56667757}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4EF62601-EF01-4cde-82A0-E8C3680EEF9A}.exeC:\Windows\{4EF62601-EF01-4cde-82A0-E8C3680EEF9A}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{56E0D9B9-B6AD-4b25-8850-40B44E9B1BFE}.exeC:\Windows\{56E0D9B9-B6AD-4b25-8850-40B44E9B1BFE}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{ECADA4E0-9A2D-42a7-8BE1-A515E7213AE8}.exeC:\Windows\{ECADA4E0-9A2D-42a7-8BE1-A515E7213AE8}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{98D22075-26FB-45c6-876D-1FDA24B3B9E2}.exeC:\Windows\{98D22075-26FB-45c6-876D-1FDA24B3B9E2}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FB3E8343-6024-4990-9D6D-CEB9F79D0976}.exeC:\Windows\{FB3E8343-6024-4990-9D6D-CEB9F79D0976}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3D970300-98EF-415c-A60A-116C7C1154D7}.exeC:\Windows\{3D970300-98EF-415c-A60A-116C7C1154D7}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{C4F51D30-F116-4791-AB70-A44E3DC3ED0D}.exeC:\Windows\{C4F51D30-F116-4791-AB70-A44E3DC3ED0D}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3D970~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FB3E8~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{98D22~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{ECADA~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{56E0D~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4EF62~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{431F6~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C6772~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{60268~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DB275~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
197KB
MD574a3b6ee0ffe94169d769892332a39b8
SHA13506e2a8e5f3185d0c7ba88048e736619811eec3
SHA25697b5b2d4af70b5b1b6f14b02cc6f39a54987870b0162baa5cf434730393beacd
SHA512d8fced3a470d2053cb956752f383d05edfb4def639863c2660ff104f8eae94cce38a4fcdafb1998e52d30f73b43dd0bd906957f279e401d18c842a29dded2614
-
Filesize
197KB
MD5e24f817655230d4a423c3cec7200219c
SHA120b81e2d5cbe6f348d8f5eaf23d6595cced6e608
SHA256fbf7f99482df68e3b77b85ceda5215593124fed1e7aedc39a03ad2948f0e1022
SHA512e39e8c4da871751e981ee618a118be268592c3f9f74475e81a0cd82e6eb2426fc6ea7aae94f5220ba2678b0160f196b8ffdd5e9693ec848cf7c0f9f87c8ab947
-
Filesize
197KB
MD5c90cb1e7375c08dc6145d3a25ff4ad14
SHA14f706409936ac8a932a1ef733673408829678903
SHA25641eaddf9965f0ef0cc56b3bc793b9967e16cdc3ab2f1b3e2510ac7395fbeb314
SHA5121b5219ab095b54df6b97fdebef9b53cc34a9ee766c24f9aaf25e0d1d098515e498c71b94faf414250150c9e738b731557c836103406af29b18f7e6ddda0e7265
-
Filesize
197KB
MD5b54662682df501cacde95be4ca8588ae
SHA18cc18306b13b32434435f9851724592e78a308e6
SHA2562db9351bb32c05f4f0506b65b128ff724c46626258df90f3619ee7b916e1ee75
SHA5126b21ed071ddc50594e053144612fae82e32b1bc7443d639ed08ee45d59199ccc3dba14df139bbe89225dabafefdc108eeaa66332785db9098ec88bdcc876df72
-
Filesize
197KB
MD54c1eb3a3db626f3668424984b38ffcb9
SHA1a166af37b91dcfead56ff9425e59de51071078b7
SHA256e0cc0a01d5be5ce88df335905026d218141bbe811f0a68e57488a8c0684be3b1
SHA512a247b11b01c60a8aa95cccc3bbdf90b1c9f83a1b6ee5d990a1c46b1a491db7ca86c8b04f87d58869593ea56970ed6faa94e8741b9db5215610e2bf6b1e30b796
-
Filesize
197KB
MD5864bb786dce3a413b061f35c0797a19c
SHA15258b93a40a240567be1a05b72aabcfa6f0c67b7
SHA25650fb897faa39569cabf473e6907eabdbbb0c4c6c7cb49eaf54bc8680485a9ab2
SHA512dc65e38ec0c9d7631013eca99a81c9aa20134ac9e76a60821b9383ac3b65f29ba1312856fa096a2cbcd2dc5ad79697f3ab122e5b98b7206aa9326958410f571d
-
Filesize
197KB
MD5695f181511b4a37a98549bec9f1c6a66
SHA1e618307dc80fcd574f731bc66c326225dc22cd88
SHA256dbb3725f628cca5f669ea8020cb4b4c50599e83a5608757bf366edb716e49cbd
SHA5129d9c48d530d6d9ec77ec7b1e67be06b7f0331cf47571c4bc40633623e743567096d88c65f49c7598dab0e51ad8d5f88c39dd8da33a8fbeffd0f70e02cc943170
-
Filesize
197KB
MD5124dc1c5874c45c309c214fd50f166a3
SHA18ccfab8a29d6f82d39bf1744362885ee18817c84
SHA256d698a79443a6fe19a069ecb7de096c4596d9a8961e2a6bd95f66430f7d8ea6f0
SHA512fc522b2f81fc851a658dc32a913a50e534cfb526480f194621b73b1a7fc88c60b679b405c2d5b93527060c481b537ccec13da15d9b0b9f899d3b22e624e80978
-
Filesize
197KB
MD5c66d807f63309eef1bf65b8baa5f5d60
SHA130051f529062527fc69f5599ea97908f12a03270
SHA2561c47495e3d540a25841a6115babf05fc30535b535b989f22ba58f70077294a4a
SHA512d3c2e845e2512b5af7f2122d78f70ab80a0ce0e66033c6f644b74e31627e434e9a81f9e1fa4b3839c88f42e30644c54b3be7ea026d2fa101c57c3927acc41ade
-
Filesize
197KB
MD59580d2275dee889de453388458279484
SHA13f7c38960c1dba6a886e9d5742e102da46fb4618
SHA256b4c863bc104dfb4c856301af669021ba6b2bc5066db9416ee298d1f3a9c72519
SHA512d77b068590174ae543585213488253c951688779312438bb1654fc5857640eca2c7fe8988b3a0b0afdf82329046ddcdc557e2cace5ca7016b6105ab40d2c36b2
-
Filesize
197KB
MD5c18ea79a27e7c674766e144e87f5caac
SHA11bb6b5aa32faee1f153782646690b8a7480138b4
SHA256c9358b7777597941a1b0416bf440ad1156e489da2bf0dee96494e1d3998b7419
SHA51229ae0ea1d60400855595ceaed1f1e2beb98b1f03a3bca0ead8bbf7c29c9d68a52857a7ff3b195c4c32476412f199aab1c6a7311527641f31d5eef269ac49cdd2
-
Filesize
197KB
MD58a4757aef1ed10bbe5cc32130c529885
SHA1e8b2271ef3f135e2548d007bf911d64aba89938e
SHA256fae3f2cac024a96807cdaeb5a2a1866303dd2ba29054f1168190d962d880371d
SHA5120fdd3f01ecf1010688b849c92e1ae77db942b1cedf2e046d4f58f3dcd8b672bc8b0849aabb9f2b7a69f47931843c4c0a4a0061bf83cd83e85de937e4f9689545