Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
19/02/2024, 07:37
General
-
Target
2024-02-19_3af88b3d8fc125b822efe6cc7129902f_goldeneye.exe
-
Size
344KB
-
MD5
3af88b3d8fc125b822efe6cc7129902f
-
SHA1
73fe0a2ae6404838ea0a66cd674e815fcc017c7f
-
SHA256
77c561c59149faa979eb7ac434bf28aee1df84c840d7f1f47a5d6ccb29670878
-
SHA512
f0534272c18ccd9230c0de9f079e0a7e02928745eeff76278f99dda60e308460d45754608da1707a500064408eb63d6af6c3fb91c303e4ebc5092d3cbb2bfca5
-
SSDEEP
3072:mEGh0oNlEOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGL:mEGblqOe2MUVg3v2IneKcAEcA
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-19_3af88b3d8fc125b822efe6cc7129902f_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-19_3af88b3d8fc125b822efe6cc7129902f_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1554E766-D8AD-4ee7-B381-31696365B00D}.exeC:\Windows\{1554E766-D8AD-4ee7-B381-31696365B00D}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3C437E32-D8EB-46c3-87FD-E74B1795A5DF}.exeC:\Windows\{3C437E32-D8EB-46c3-87FD-E74B1795A5DF}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3C437~1.EXE > nul4⤵
-
-
C:\Windows\{CD9FE563-690C-42c8-9543-14F9F328561B}.exeC:\Windows\{CD9FE563-690C-42c8-9543-14F9F328561B}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{97CC8948-4C52-4440-830C-838B0FCF93CF}.exeC:\Windows\{97CC8948-4C52-4440-830C-838B0FCF93CF}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FB822CE8-AE01-45cb-BE66-7931E4A81D55}.exeC:\Windows\{FB822CE8-AE01-45cb-BE66-7931E4A81D55}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FB822~1.EXE > nul7⤵
-
-
C:\Windows\{F5CC8CA6-FCA5-437b-A757-62C68E5B9209}.exeC:\Windows\{F5CC8CA6-FCA5-437b-A757-62C68E5B9209}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{809E52AC-2F9B-4a9b-9D87-AA38D37D159A}.exeC:\Windows\{809E52AC-2F9B-4a9b-9D87-AA38D37D159A}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8807DDD8-F8DF-4665-A8A4-81BA9B3B0DC7}.exeC:\Windows\{8807DDD8-F8DF-4665-A8A4-81BA9B3B0DC7}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1BEDA9F6-5954-429a-AF72-BBDFD48D0DFF}.exeC:\Windows\{1BEDA9F6-5954-429a-AF72-BBDFD48D0DFF}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C5E18F42-2B92-4b3b-BE3B-11C5F255BC37}.exeC:\Windows\{C5E18F42-2B92-4b3b-BE3B-11C5F255BC37}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4CD499B6-A414-4629-AC46-AB9408A0248B}.exeC:\Windows\{4CD499B6-A414-4629-AC46-AB9408A0248B}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{7CC9F325-180A-401a-9470-0C74C0DC6205}.exeC:\Windows\{7CC9F325-180A-401a-9470-0C74C0DC6205}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4CD49~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C5E18~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1BEDA~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8807D~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{809E5~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F5CC8~1.EXE > nul8⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{97CC8~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CD9FE~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1554E~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344KB
MD508bd6ce9064c13f6772b2589a88bdd5e
SHA1b4c2b90601512c7adbf4b312630ef0e8eff782ef
SHA2563253087706f75ff122fafb48423a817dcb12a4bf07fd826805b1befd8f6f6199
SHA51251d8d6e4eec69eb1443daf02dcd8cf848a1eb77ee57a229cfa32d0b3b9c2838078624841407116261500d445a8d5a9727cc474b4e7d0e4f9c902104c166aa22e
-
Filesize
344KB
MD55aeb6f89f7cfdf6c098587490133078e
SHA1162b8cb271bbd2a6b0a78387044f661e2f727a8a
SHA256f15b226170d4f7951925bc1522b5be10802a0b47c6855539374f997fc68f6cfa
SHA512e3c946560754984db200b8335fe73866c05c006e5232e439d0d4526897e1bfee7cd263aaf6a58e659c29812a01298fc122abbeb732a480e1281a2546c0625fab
-
Filesize
344KB
MD529392a64652475d905d4ba0760ce1f27
SHA15a0b140df806751fb68daf66b80c5bc10cc04ace
SHA2568928cc065e74b568a37101f34b1569399545411f7747778fc243b2e12c43ec5e
SHA5126b94f96401b25f8406468fddfc512c8d422eb429d81f2fc0ed21224e6321a3b577df3782c86fa42b85d6de48314ca7b1ef52b55b27a0c1e9ae37209c874a7886
-
Filesize
344KB
MD5d2866fa749ec7766b314f7c225fb3938
SHA1ff2afb7ffe22199083f26b6c6faa8a9ad5c0a4dd
SHA256dba86a0d1bb95207bde0b8c65e405105e3dae6e58f62a21e8b84acf8a74eb8cb
SHA51294c6ab7325f86f0ae007178bfecaa1e2141c68ecb49234321c64ecf3670a93926e279b498712047d3b68f13c7e384702011f30e696018449e9d9899121499d60
-
Filesize
344KB
MD583a92e18553cc38443d886cc20e35fe4
SHA11283a3c9dc20becc54c90920793a4885ed83aa0c
SHA2566dd0480e26bdfdb2dd454a608409e41fc261648a76617629c470265e3afd653d
SHA51296d3a696658920fdb80c0d7748672e4b0584d9367682bd2288614e340c016e7748b105555b66dcad11d471349aa19b8c6d146274cfadda42d703e501d1dcdf25
-
Filesize
344KB
MD5c7a7f142b82db89666deaa3f812bc26c
SHA132aae4575ff82c50470342bd247a3667e5ff5a88
SHA25648f43e309193d45585b1f79fbf18b53eab048edae25c6f2f150f6bd689b79264
SHA51216b85b40be476b13ad8dd6faba0694e8e98954d012b76a01780bdfcd9abe3e8210585b8e1653e10ad6ee753019f8a7bf90dab9f49bf9340f54427776326fa00f
-
Filesize
344KB
MD5e339675718fe9c31e1677be17209ace0
SHA19d5cafe0e5fb712cbb6d1253c7641a880c67cca6
SHA256a2fae35b59b8146ae382648300ebdae2a9ff51450383c8afecbddbbbaa39f379
SHA51203de906447ed3b7e040542bbbebebf23f88871516ad66cff6111b2dab07d5d051c5be3ce1c60e8ce850037a6af87bb25f65650ea281b3f40cc18a2a3eb128cbd
-
Filesize
344KB
MD58a3d0c07d6f32bc6654e191934ac643a
SHA11c40f987e6471616fe24464a6edd3e57c68ffb58
SHA256d428d50bf626dde35bfd07d41dbfb745cdc5ac1c331f31f71e08b1e2e46e1ca8
SHA512d4f0ed7ed968ded9d7f8fdfeb3ba93503411d40711ba15e46b0992d859c2b72f34605d030931a5e0972174984d4b596f77cb24b74b93f4d320fa54b8adab1670
-
Filesize
344KB
MD5ca37ec51f093359e114a3c1ee4ee6324
SHA18d9cc2b3a39b83c6725bf3298f8bf444eb0a0767
SHA25643ce25a111e1acba5fdc3975e186751599417aaecd757fc240f1b7f484f062eb
SHA512cc14beb81637a8482763b324a720b731c1f4b865d761b82f726d67e49d74d5ef65756a36ab8c0d8d897408a074f5dacc139b40aa8d03c49ab324adf9d444089a
-
Filesize
344KB
MD5ea2d9011f0ddf071df39db2422894c59
SHA12e0dbd7037c172e61f5be7f4702a8114dd955f38
SHA25626e4b18c30e4825538bfce5e26b4adf588486af00c0bb01077e8b33f73648c33
SHA512630a0fe2e14c778fd2b44f0b44a753f06792b714387d2a3a944657b89fc5954a7f9fbe155d42e8668a39ad6864fb5954b58e5fc83830ae08a68c308d946c94ed
-
Filesize
344KB
MD5a6481095b2a619c5bfd8ad0bde9b53e5
SHA18ab247ad2cc67ae692dd76fa15b50ca468b781c2
SHA25684a93e735d07ae58a51c49007653cbb3febc0dd563197669901855579c494a44
SHA512e93dc950cba4e6d67ddf93811fb0f991bdee371244debab52950628439a74ca83a2fac69b864d77e20358f0a544e9a53cc37620469630d6e7ade808c6a4c6396
-
Filesize
344KB
MD55b69b85710be723418f3f17062dec9e5
SHA163846977885dae8544b187047bdcc70dc1df2f07
SHA256fb0109ddbc865ba8977451f6dc6a4dea3f83c000f5e829288a34594781a5a82e
SHA512c3dbd6a8f27c7e9b64b231a00da3bebf1bfb954d388580bfe5a66fb21867f3edc8deb24b2a8de238ac2c549eee034764e7abd41101ff6731fb30dd754f5b29c5