Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
19/02/2024, 07:44
General
-
Target
2024-02-19_59ffb0624b302acdc97c867190301fe1_goldeneye.exe
-
Size
180KB
-
MD5
59ffb0624b302acdc97c867190301fe1
-
SHA1
1364f5fb65fc1b6c7c3aea6f94d4307288f90675
-
SHA256
defeaaf7b5717c752996f42d1eb79697acb97fef85b95ce320257151996d36a5
-
SHA512
e79cce50618b272165dbebb47fe042797c73c4ef81a9dc56eb751c48046ddba2c3201a42234f7585883f47852b997e5a7728ad164fe53394e9aa2ed75e2beffd
-
SSDEEP
3072:jEGh0o4lfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGil5eKcAEc
Malware Config
Signatures
-
Auto-generated rule 13 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-19_59ffb0624b302acdc97c867190301fe1_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-19_59ffb0624b302acdc97c867190301fe1_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C1146549-C2E5-4a19-A7A5-B9EA76565F53}.exeC:\Windows\{C1146549-C2E5-4a19-A7A5-B9EA76565F53}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9EE0B690-3CA9-4071-AEAE-9FAFF9A2256E}.exeC:\Windows\{9EE0B690-3CA9-4071-AEAE-9FAFF9A2256E}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9EE0B~1.EXE > nul4⤵
-
-
C:\Windows\{C2CB17EB-79F8-4c5f-AD32-355D15E6F63F}.exeC:\Windows\{C2CB17EB-79F8-4c5f-AD32-355D15E6F63F}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{82AE456E-42EF-4b29-BE41-CA0FD766BB33}.exeC:\Windows\{82AE456E-42EF-4b29-BE41-CA0FD766BB33}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1FAAA8DA-517B-464c-A2A5-8E0853B58543}.exeC:\Windows\{1FAAA8DA-517B-464c-A2A5-8E0853B58543}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4F221CED-F840-4a5a-B24C-E0C858D1035C}.exeC:\Windows\{4F221CED-F840-4a5a-B24C-E0C858D1035C}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5944A631-14D9-434c-9E8A-5CA0809B5853}.exeC:\Windows\{5944A631-14D9-434c-9E8A-5CA0809B5853}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{590EE8E1-BBE9-4740-AEAA-5B03BA639E75}.exeC:\Windows\{590EE8E1-BBE9-4740-AEAA-5B03BA639E75}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0A8AC78B-0A20-4be8-9D4B-5C8A1AF9B3F6}.exeC:\Windows\{0A8AC78B-0A20-4be8-9D4B-5C8A1AF9B3F6}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{94447FEC-70C2-4eb4-AF94-032B99873C16}.exeC:\Windows\{94447FEC-70C2-4eb4-AF94-032B99873C16}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{954298E0-106D-40c3-BB10-A9B518D19135}.exeC:\Windows\{954298E0-106D-40c3-BB10-A9B518D19135}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{0BA4F5F9-5ECF-42b3-85A5-D71962F37067}.exeC:\Windows\{0BA4F5F9-5ECF-42b3-85A5-D71962F37067}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{95429~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{94447~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0A8AC~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{590EE~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5944A~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4F221~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1FAAA~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{82AE4~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C2CB1~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C1146~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD53264284ca5b923286ef55919185cf64c
SHA19f2cd69a02ab63e74c35c4fe4a0dabdd36280a7c
SHA2565944bcd650986c5842bcf9dca536cbabf9fcf0f8304dd9c9737956bae89077d0
SHA51283c2b16ddc6a425aaa2c891e813bc709f16e69e60d03297fa054846cf309e9631015e406e89897ca553106805003945919a0be0c1b5ad792997f705280c6ba68
-
Filesize
180KB
MD5dd9c2ac58f8d3ef15aaa2010a8e762dd
SHA123727fda6f8f1f434eee889def1152a9c6e09187
SHA25660c3b939fc7089db6d1f9438324419a18d87a3502e6fb8f7d261627d962c48ce
SHA51228b41204659ec51886b48c9f44b3d653be8da37aabf742ece7078fd8a631d5b0e4cb6abace608809e5d2f77ef1441460ffdc7dee21f4463f260e1799b50affc2
-
Filesize
180KB
MD5d5839c2979bb78eb3dfa806d006697ef
SHA175e7689e3219b8b7fd501ea43b6693190abe4d17
SHA2565dff8e1344fb2d81a9fe2ab9ab99e0493cb9448e4a20d56dffe52f80cabc187a
SHA5126246a6f44d99ab8ea73d87be2e94becf1153f3f392c365afcbf16467465e7234ee9ca026aa057dc56534df58876a60cac0e9dcb736fcc83371490fcd56e8a0b4
-
Filesize
180KB
MD5732f02f6288e1d64fd54b8b3d69d657e
SHA1b0ae9dc077f2905343f7a645619834259de3b386
SHA256c934662db4f3aef030019eb3a429ee49da8d0582b6ee5bbec6e0b14f4e497370
SHA5123e57e759fbf1a414c94df19c462f49e789716da205643e0dc3ce086a665f1ca94156d454bb149fdfdf68c03f97bd4dfb7e422544fce5e124e6105b66d024f400
-
Filesize
180KB
MD5f7ac30c3bf4e808d77d74e00d92176f4
SHA1ec4ee3d137f1c81e720526a4bc46f16391032fc9
SHA25674dd42c164212624f7a055c8da46a0962154e5f7a499ee26bdf98274048bbd5a
SHA512c529027f4ff8a816224ad15750625f80e4d1f06e337a4c4b610eaa5eade8eac9ed61b37b3d5ffdd89ffbfd560415e1c2d506022d24fefd480ceb80c8d620d194
-
Filesize
62KB
MD58b4a5e439778d42517ab6bcc86af358a
SHA174d8df5bb4b129f3b75bf700cd0a44bf7fd944ba
SHA256a05beaf92bf2c816d5596a4f0e5e65ff9ed872fdea7c62f9be0b6668d09c7b33
SHA512f69d9d839357507a56eaba090dd7963afa5aef493f6fd930f5c11aad10d9929fcb03a97d09c8ac578142bbbe581f2944a8b6dcaf8e6fb54a94567efff3cb7324
-
Filesize
37KB
MD56cc7c04d2247b58da44c22b40af9cd77
SHA1c20e95dbedb82ace1d911a0ffeffc2fa9e35c171
SHA2569eff6e3d0be01dce5bab47b631b138e9d343183bb8510460e9c7bfd71f4c6a26
SHA512c640e359ab3f80f410908af43041d6c21ce79c822518934c9666bec1f67f5613f979e0a37ab4b1b296acf12049dac2518bb7850ece1753b19a348c78ba9c4485
-
Filesize
180KB
MD515210ce4fa367709758257d42b798465
SHA19710604b4b02bbe3737088301d5046170cf8a0f6
SHA2565b50ec03a142cfaa046382bf5b83459c7e1c22f7d2585f627089e3d51ae4dd51
SHA512e4d2d9fed63242ef2d8fdf3eaf7dab651157fb442eb36c4209173b3d19b86aecf3716bb9b8fa4fa4df31e817a97821e61e25706303261596e3d514767b90e654
-
Filesize
180KB
MD56a8b28cc658dcfa3f05c36d74b2f724c
SHA173501dc18eb516b549f8527b01760c5811fe935f
SHA256cb6d49a2903f4bab89767fa7a3a1d5bace6799f98ff49f8534aa59e5e8830717
SHA5120eba9d098b02c809ec9042abac2484cf574b0614c7bd62694c9f8f24a5325f9992df0a42642a13935308b536e5a1f6f1bd0449bf8b9250f2d38133cef5c5e3b5
-
Filesize
180KB
MD599cc0bcd34b8a5517a61dd72f08aaadc
SHA1739d2229d589bfcf4db5d0f5e5f594690a8c6716
SHA2566720bd93dc0fce3507b844cfa75b1d612898e923ec5f7100cf8fdc03f70fbb68
SHA51268766207dfecd768bc147d28661a52d617e2e27708bab2e92735d79b84e411389e1a4fc20da2d3e05e324358e1ffb841c55dc0b4ec91d13781dc1a881387f75f
-
Filesize
180KB
MD5bc896a19d2708c3d9c52f305104d3e57
SHA1c594e15232ba19f887bac529be12c4fb8eb37c55
SHA2560754367f120294bdb4cd21534f50c6fc5ebc5c390f1a35524f3b28121627c071
SHA512f94b09477989ed4bed85781d9dc1ad41b4855669d1ac9ba6ecbb83b69b1f4787bafcdbc06c9c0028c6e1d76455b6d05e6adf67a3030d93ace142c8a554bac047
-
Filesize
180KB
MD54c1a293372e453b83e4a7bbb2c6be5df
SHA1fe45dcb22e5acfb1de37ed9587a2adf5d5d3c319
SHA256b3ce72ed1f3576a8e85b49cb2b9e64ac6a14bd938170bd0defd1e61367599347
SHA51205fec6f3afea88a707a3c8b3fba96af134ed25d8befb6aaa348711703419c3e7ffa0cebd1036bb3146b225d1c9bccfc0333cfb881d3a6d91fd4976f1d0cad892
-
Filesize
180KB
MD58d925ce00ac6a59429df1f59349f7706
SHA1de1c7b064f74e580b17d72d3b874d1014e56dd40
SHA256f8e935c496e0f75aadc8015277677847e6d68b650357bfaa5583c62402e97dd8
SHA5125034398aadba35358d736348ac166145554461b6aae53cbad013768d72a7a4e41fe9ed64606aa30f37131b363d096a76673a1e63321b0b91df83e88a98acd491