Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
18/02/2024, 08:29
General
-
Target
2024-02-18_2ce73e36544f566c452f098f07aa5b0a_goldeneye.exe
-
Size
408KB
-
MD5
2ce73e36544f566c452f098f07aa5b0a
-
SHA1
96829e1dd1e09b32adb799a877e198d3451926c2
-
SHA256
5bd624e1e48b40582eedaf94dd4b1e628b164fe5d847f2385449eeafa2556cc3
-
SHA512
22c6fb47e5c3ca8be67d48e98886bc413c2d47f1c9cdaf984f4d53cdd01d323cc825addcc2e727342616084ffe57999a5cbf5d6631afc45e149ac085beca6a2c
-
SSDEEP
3072:CEGh0o5l3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBft:CEGzldOe2MUVg3vTeKcAEciTBqr3jy9
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-18_2ce73e36544f566c452f098f07aa5b0a_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-18_2ce73e36544f566c452f098f07aa5b0a_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5DB79CD6-9C01-4fc6-A3E0-90BB13DFF5CF}.exeC:\Windows\{5DB79CD6-9C01-4fc6-A3E0-90BB13DFF5CF}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C46C53E5-00E5-4e13-A64D-77E890F5DA09}.exeC:\Windows\{C46C53E5-00E5-4e13-A64D-77E890F5DA09}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C46C5~1.EXE > nul4⤵
-
-
C:\Windows\{6D82C95D-C933-4a8a-95F9-F2A13F2F011E}.exeC:\Windows\{6D82C95D-C933-4a8a-95F9-F2A13F2F011E}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EC33516C-9056-4791-861E-A533B7983827}.exeC:\Windows\{EC33516C-9056-4791-861E-A533B7983827}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AE9C15E0-442C-4955-8526-C699C343A27D}.exeC:\Windows\{AE9C15E0-442C-4955-8526-C699C343A27D}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{64E1F239-8652-4ccf-B613-38DC2BAADDFB}.exeC:\Windows\{64E1F239-8652-4ccf-B613-38DC2BAADDFB}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3D5BDE88-19A6-4698-A4DC-EB537345C836}.exeC:\Windows\{3D5BDE88-19A6-4698-A4DC-EB537345C836}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{98884819-5DE1-49d4-8FD9-3902B03C3972}.exeC:\Windows\{98884819-5DE1-49d4-8FD9-3902B03C3972}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{90DE41F5-041F-4be4-B87A-A6012B34BA53}.exeC:\Windows\{90DE41F5-041F-4be4-B87A-A6012B34BA53}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2F4899B2-C22C-4802-957B-0E903529800F}.exeC:\Windows\{2F4899B2-C22C-4802-957B-0E903529800F}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4277A0CA-16ED-4288-8F38-62F80D66B96E}.exeC:\Windows\{4277A0CA-16ED-4288-8F38-62F80D66B96E}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{122D7DBA-1156-4be6-BF7A-C69C0EAADF91}.exeC:\Windows\{122D7DBA-1156-4be6-BF7A-C69C0EAADF91}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4277A~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2F489~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{90DE4~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{98884~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3D5BD~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{64E1F~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AE9C1~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EC335~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6D82C~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5DB79~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD5af73a7e9488cbad2f849d20870a0e123
SHA1eb98cfd923e6ec95ceeac566abfc94a99fc92db4
SHA2562ae0fc089afd67538be17f08914da88d182e07085b1da2b59b33705a6fe112ae
SHA512f12a8ea837fb16b7ec0e34504f1877b42b3d19bdd2602c7afb9ed310547e6c07fd03be1a3bd9afece9b8f85d7a7d8c6e0f0a8c992c00059a59bb5cfdb0e4f92f
-
Filesize
408KB
MD54c36f483e353932b39500840ebddb123
SHA192fe270e91ba5e720453a9482b46c56848eb08ce
SHA256b8feaf83ccfc297697f6e7880f018c866e351a9d1504f492eb0f3cfef98e14de
SHA512f3e0eaa98321bd9af22794b9cd5c193df0f144dd75ddf03e6ae98a32de874bebec89b995446f49ad7adb5cb7cab8308597a5dbdea9a4dedee5b7a79fb9fadfbe
-
Filesize
408KB
MD503cfb0b603fe7b6c7c15d985c95ca70a
SHA13607c5bc094f34c4468b33c3e6d40dd997ee99cc
SHA2567408c3e7dc44618369478a6bd0c2cb9245c5d44a55e7b4cde85c2d1d7bcbc1c3
SHA5125f8abe79aeb7a94a4087ec2a28ece2e3818c9ab67cb56eec9578b24520406a39d6e9f572fbfdd152611e390942c43797f67a864895ab4b688936b60171506f87
-
Filesize
408KB
MD5761a69d1d148feb4e4eff55085f755e7
SHA145b7bf2c0cde4cdf6a00a7479335ee65f1cf5701
SHA256711ed553fac2281ec091d78350581e0dce268e5272651b39516c7458afd96f58
SHA512cb2a54d63a261de316a809a932d1c27178be834b02db0810d42b124b5df3beb94368abd7f84a088fb1e891b88f187c45ad282693e7da52b5d2dce87c4eeecdfc
-
Filesize
408KB
MD58d3fc77d0b58e4ea10245837329caacb
SHA1b6c61890c447546e4ad05453ba98764ac39dbc51
SHA25615c556fdc874f8cd8a91e7afd4a7a8ebd8937cf5e301ab2ae6701a792571ff09
SHA512f06373ed3a48821c00f7c94511add79675cfd255bb18ac85565cbf4ee7c526119f59c2d2b47bfe8ba1129aa33fa646c3f7795314d9ae7465e4570ea1cd00b16f
-
Filesize
408KB
MD52dcd66dcd922463f40c261b7295f27d8
SHA1133c27ecc81f08abbf7dfdc80441bd8841b0a981
SHA2569bb54caa62db4d13e5e5a2ed0044a44e4c1b0d002b0660d035798a186e312b83
SHA512d97a5cb02e91a90ca2aab7c77913f4ff5cfa87001b8ae0d025da44c178bc469a8c323ad2b4290b9e92ebdd11487eadc14b16b6e91a5e000de673bef4531ed11e
-
Filesize
408KB
MD5841918650b4fbcabced5b631e6ecb655
SHA14bb43180e5d9745188040405d7c853864b410d7e
SHA2561a78d36f27d43e22f00f974e2127d3911ac86978c88e544b505bb79de79b24d0
SHA51236999f233ce8c97a6e561ac99a241a8ee22d29fc0faac42b1428ff468eca058b6ef10eb75667d0c3cc1d3d8d29dcd5a7c93e342fb9ae08984417a72e01f3f35a
-
Filesize
408KB
MD5fd85227cfa26609f8267d650b6a7ab82
SHA1948e1cedb3192bff5a37fe95375bcb2a1ad25dae
SHA2565f2779dd5f39f3c4019a58b7b4ca4ac874274e692bbb778a603783b4c1f6f900
SHA512b24d3ec01912d1c9eaab426b492109ef851d047b57b8e5d4adba89cf8a01f8e365649789a40b9167cb4553385200e4cd389fd14d6063bd6c66592ed1eae57a63
-
Filesize
408KB
MD59bbec5fa234f3efb26ba405ccc258fc9
SHA1f33a7f7b48bef9969e69f356a731050fbea8e275
SHA25670427b95e5250cff23ab81a8807bb0dbcca7edebac6d4a6a72b9f46b11e93a6c
SHA51203fbf56f4bab47945f53f9a80cbb20c72223bd0235142fef9879cf260faaf4a1ad7a376dac96751feb7dc7a097a05a93914adf5e8f331d4ba66bfdba34724df6
-
Filesize
408KB
MD58e804dd541f8d21879bad0fabe562e86
SHA1f6c5df1ed4f4c80eb400fb43ea2b3a6940551080
SHA2567c07d7378b036e4b4ae2b39c4c60c801c4ec3b71e871ff2f31dacd26ad6c43b9
SHA5121363932156bb709a414d7fda7c00b784b7317e8b12c17af6986e3f5813d29caa9e58aa21946c478d4d28842c3046540281821a1d56bc94d6e427a39477be07d4
-
Filesize
408KB
MD51b17e819be047c4b19c24426885423fb
SHA17c2618353459369bc2b5f7308f69ea95b806d842
SHA256f3a078f14dd31b955e7768d50235ff05b832fd22092a5c6c9137a26bdc70b740
SHA512158ea2c605484cd376b61c24089d2a6c854f74d5df378dcbec64f7b09e3deb81c8faff25e2b6cb1b78e27a4c6c0b9e1bec32c9a6a1ecf7571b853e6da37a29cf
-
Filesize
408KB
MD52e139a325670f53d387c0701095b3d70
SHA1ff8015e7021ed6447d31b85cb0367a46bbe3a4ed
SHA256bd2ffeee3af1d05c7645dad8cfffd889193df09b20c691d84c0a30decea6bf26
SHA5121d57971e1a6904b1b63efe107df95f32b82f62c5b314806c8c102ad23383116d7d4321216df3ae4e59f1796f61c17d37e6f6f133b67fa137c277919908095b05