Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
18/02/2024, 17:38
General
-
Target
2024-02-18_4848c742a84ccdfdb81fea25fbfbee7c_goldeneye.exe
-
Size
168KB
-
MD5
4848c742a84ccdfdb81fea25fbfbee7c
-
SHA1
7c46053d89f15df7d8360a064531c23369028ffa
-
SHA256
9765be7826adf144df01b85b2483b9a25e1618834e0af6222e18a65181865cc9
-
SHA512
500a3c073b939e7cb9ad3fcec1a402904b91215c8657880591a125e690425c1a60427518b97a42bbbccaa6ea3e111617fa13bb65ecb21138052c9718fb023ee8
-
SSDEEP
1536:1EGh0oNlq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0oNlqOPOe2MUVg3Ve+rX
Malware Config
Signatures
-
Auto-generated rule 13 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-18_4848c742a84ccdfdb81fea25fbfbee7c_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-18_4848c742a84ccdfdb81fea25fbfbee7c_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E50E0047-F98F-4bc7-BA67-007E72B3FA40}.exeC:\Windows\{E50E0047-F98F-4bc7-BA67-007E72B3FA40}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B228B7AF-1A72-404c-A9BF-39BC4F377E92}.exeC:\Windows\{B228B7AF-1A72-404c-A9BF-39BC4F377E92}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B228B~1.EXE > nul4⤵
-
-
C:\Windows\{E67AE9D3-A531-469f-A6EB-430B64029E3E}.exeC:\Windows\{E67AE9D3-A531-469f-A6EB-430B64029E3E}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B1880CA8-A969-44f1-B8E6-DD7A804E37FD}.exeC:\Windows\{B1880CA8-A969-44f1-B8E6-DD7A804E37FD}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FFEDC662-7274-47d1-9F19-2AB8F3066A3B}.exeC:\Windows\{FFEDC662-7274-47d1-9F19-2AB8F3066A3B}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{363B3CE7-C007-43ec-A5CB-9F299A1FFE77}.exeC:\Windows\{363B3CE7-C007-43ec-A5CB-9F299A1FFE77}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{027732C3-C658-4e3d-9557-BF0931AC1272}.exeC:\Windows\{027732C3-C658-4e3d-9557-BF0931AC1272}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E79906EC-2C3C-4279-BB6E-CE406A59A367}.exeC:\Windows\{E79906EC-2C3C-4279-BB6E-CE406A59A367}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DE5628F1-09B1-4b0e-BFEC-8402098DA0E9}.exeC:\Windows\{DE5628F1-09B1-4b0e-BFEC-8402098DA0E9}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{38BE1493-E080-4998-8C76-7059F902D0C9}.exeC:\Windows\{38BE1493-E080-4998-8C76-7059F902D0C9}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3F7DF79A-CB08-41b9-9CDC-6E2D001F1BCF}.exeC:\Windows\{3F7DF79A-CB08-41b9-9CDC-6E2D001F1BCF}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\{4F095006-9E51-4c6f-B492-E164C1DEA5EE}.exeC:\Windows\{4F095006-9E51-4c6f-B492-E164C1DEA5EE}.exe13⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3F7DF~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{38BE1~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DE562~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E7990~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{02773~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{363B3~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FFEDC~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B1880~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E67AE~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E50E0~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
MD588897483a5878e30b9895afcc808e09a
SHA19447b8c5f554767f5d621ed49c01c2e8105fce59
SHA256b6b06a10442eec041aa5de214c50c4c50afd5a239e63051b9aedb601ccf4ffd7
SHA512ee0abf88ecd9b47f2172027adf8bf6fe669833ae43fbd562b1736c0f852547d9763cd3aac9d2c6ca888d695da303893771e8786e3bd35b008de9fa053a503425
-
Filesize
168KB
MD572892deb5f746b67ff002eb3a839d42d
SHA13a852fd3a26451bdcb3340553c3854ade181de31
SHA2561afd29900bc78e9a5671deef4b69b312336923f4ba313c3b6a8173679339282d
SHA51227156363f11562b25284dc41b56f92f2160037f0b08f7696b4032359d9f27c092419ea4e63c989a96dd38d264c402b8d1098748cc3ce7cfa018149ae433a69b6
-
Filesize
168KB
MD57251c836c11f5c21afb8cfe19da055fa
SHA109c392f547b059fc5b2fdfffd21e1d39757ebefc
SHA2564c2fae0dd7a59a9dbaa7b84ca1728135e8dcb9ce87d26a56ae4047af894dd803
SHA512af5b13c12ae360e85b3f42e58778b859be5bd22fa4f940d81bf59c92d3a3daaa22ea1e33e30fc447febbe95a9b0c403a2374ba91dafc6cd185c0381f15239b1e
-
Filesize
168KB
MD5bd6fa78df6aa72014431652d069fa7d7
SHA1bd0cd16ff2aea667ec2a2bd6323b6b3fe54f68a6
SHA2567f6fb5cf6058dd1ec30b8c7ca61c52f134c0a7d17e511682a65b511ceff42c50
SHA512ed2d1db2d40ad8bb59cc9056ea42baf60d31d786b7cc53efb56fe1199f3b01a24a357a4550ebff9c62182c56130c20eb068545811deb3a13aaa937244804db57
-
Filesize
102KB
MD5c8ad8c946af6cd39c3cef173c8494b73
SHA117183a6b4ae1a0e566b18455643ffd155a0b3dce
SHA256de2b6ed70639f8dccbb679bdcda6f4a5c1ccd6a05d4a1163d04429947ae0418f
SHA51206e214a6a9710db675f85f1755503f5a47453d375c9de18619ac8f614bad1b26154e00d860dcdeac3b5645f2abcaf2edc655cb189f4d881266c9acf94fd28227
-
Filesize
17KB
MD5ffd63eb93b0fc3a468a244fa2758a6dc
SHA14696991fc416c34399fc74d051bdb26a94080b82
SHA2563c814194c591616e69e05e35d6a337f695b9bd17a57cd7c9db5a2a79405ff176
SHA51298c5ecc3c4227bf81a1a76a3eb910f9cb47c86cde4af3fb0963ef2f6b48f67201c2c09ab55d143636a8ad6080b5a36b69bc0ee3589ea456d6221117b931ac6c8
-
Filesize
168KB
MD574a56c6c9a552282c79d7a6dbbe5b93a
SHA137d285a80d770954f5ce21b78a2b5ece9855ccac
SHA2567dbc914fb12f72719b618639930e66b582fbf25233e246b49ad2ae8f128e7790
SHA512e670052c89a10c2cf2bf17154e47ec17310203961a2b44fa0d48dc1aeaaa49e201fa6f05dc5d6cdeb2745f94223b6142662a992ea6f5da988fd777aea04814f9
-
Filesize
168KB
MD56a1e9bfaef916fccb0e0d7691a2439eb
SHA1f2623664ff3e8a7b27cd97a545ec12e6a2e664e9
SHA25680b024c903e2cf2a67dde0fc4170ed5b6b038ef6f8e0892c714028e4c13956c9
SHA5121be84cc536ce6d1856944ad67b070efcf773d81827967e200d78f12ec99b642404281d8fd93a5acbe7a1db1f75950aa83c75deaaaa9203624484f8fb61f54f62
-
Filesize
168KB
MD5fa7d623c9732df87e246b8138f087a11
SHA1989f12a77b9ad840c46729ea153002aeb62183dd
SHA256ab299eca265155abd6538f50b3a92d3076bc622a037f8c64533227ae976ee038
SHA512fa85431a06f442653be6225e59907d0a4aa001632745cc5f9533628f90e5f471fe2edeecf80ff09edfd3bcf9577a2b61b0686633b0f2193265a961046a57a73c
-
Filesize
168KB
MD531f0be6902cff6022676f4a2d4a98488
SHA15c14465e5bf9fdcea1f39fed83c9110ba05fe9c3
SHA256aee3e80ed90203357b0a28bd8af24a99249b26a1e61f6e68ace1d779afd583cf
SHA512a10a6884fa7b3a68b2e18bbe7536835b0b24880afd82291692f7508ff6d881d361c82d6e5bffec22f5bb1c850a49f79af6759cbdbebb5b0e6a0bcee5ae8bab4a
-
Filesize
168KB
MD5b2d8c7c98698a6ed998019fcfa58856f
SHA17b52beff208218dbe8c4e46d48ace49512fcd72a
SHA2560201e1e71429c775be0af46420db490e7e3e0d3b5e1001e873e0b76b9bf26c56
SHA512f3af2853461741fd7b4e20d2f263ef8421991f0aafe7d33a808ab4a45639919ebb7df197147630807f6ef5ddef7f7cf4a6cc5998839bbab0670958dfd7f48728
-
Filesize
168KB
MD56eb63f5f5e8cb8143b3c5f1a1ca63bb3
SHA15c9ef27d18783b32ccc6d96b2f303554471f4867
SHA256f99deccee085d5bd574bf5119a2ea7030fa0717a46966e92bf7d024d05e12d0d
SHA512d92169b1988e982f7f15cf805825dec59a94175a8307badd32d19784ca0b69e5944c632501d12ad93866c2b1526183068c610b374ebb64b957310148804252cc
-
Filesize
168KB
MD59fe42d133e2ddf1ae6f8ab8df4113ac9
SHA1c7f53574136bf99b701082ab317e10bb8ad7850e
SHA2565d63e0e7a43f37c1bb902e5b0cc4d1c03eed8ad9ab6f81604bbf4290f49c03e2
SHA512cf2abab43b8d872523035f39bda70cb32a3287fcfcf692202c216829cf5edc54d03cf90b302d2635c14eed47d69ce3097fd9ae2cc7f36477ff6c64ebc0d38fa8