Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
125s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
19/02/2024, 17:22
General
-
Target
2024-02-19_0b1c3fe30acbd6ad57b6485c6620784b_goldeneye.exe
-
Size
372KB
-
MD5
0b1c3fe30acbd6ad57b6485c6620784b
-
SHA1
1d840d9652a72ce11ff50bc7a9661535c49a24a8
-
SHA256
54595d06b7a42f4579b9451e9c3d7899734d55196be8b198bb393fa43682bb50
-
SHA512
99b4941ecfe2f2be66d30b2c70fe25b88640c300f544a8a01c81a5ac990ac9b75a400ecd2af62160646d4c57b1302bf46a479652837c854c3e9680aa7afa3673
-
SSDEEP
3072:CEGh0o3lMOiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBfM:CEG9lkOe2MUVg3vTeKcAEciTBqr3
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-19_0b1c3fe30acbd6ad57b6485c6620784b_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-19_0b1c3fe30acbd6ad57b6485c6620784b_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{408676FC-0E9C-4711-A2B9-B8BBADEBE4B0}.exeC:\Windows\{408676FC-0E9C-4711-A2B9-B8BBADEBE4B0}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{42ADEE4B-FFB5-49de-965D-E3F0BE25E526}.exeC:\Windows\{42ADEE4B-FFB5-49de-965D-E3F0BE25E526}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8FF5DF80-F735-4e57-812A-651A3059341C}.exeC:\Windows\{8FF5DF80-F735-4e57-812A-651A3059341C}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2BD78A25-5AE2-4738-8701-214B48B8F7E4}.exeC:\Windows\{2BD78A25-5AE2-4738-8701-214B48B8F7E4}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2BD78~1.EXE > nul6⤵
-
-
C:\Windows\{70590F06-2182-4df3-A40E-31A249C9BD6E}.exeC:\Windows\{70590F06-2182-4df3-A40E-31A249C9BD6E}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{70590~1.EXE > nul7⤵
-
-
C:\Windows\{93AD1BEC-FA9C-45e0-8797-FF6BB74958F9}.exeC:\Windows\{93AD1BEC-FA9C-45e0-8797-FF6BB74958F9}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1F0D407E-0D68-4c3a-AF06-C0768C8B58EB}.exeC:\Windows\{1F0D407E-0D68-4c3a-AF06-C0768C8B58EB}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6C36B7D2-0543-4e39-9E64-276A1F357D50}.exeC:\Windows\{6C36B7D2-0543-4e39-9E64-276A1F357D50}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EBFFD8FF-D5B6-49ff-98DB-CB86B36799C4}.exeC:\Windows\{EBFFD8FF-D5B6-49ff-98DB-CB86B36799C4}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E69D51E2-5A1F-4429-B0BE-59F4E43545AC}.exeC:\Windows\{E69D51E2-5A1F-4429-B0BE-59F4E43545AC}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5FA7B9CF-B205-4b98-A4ED-C04FA7923674}.exeC:\Windows\{5FA7B9CF-B205-4b98-A4ED-C04FA7923674}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{A6A3BE98-6131-4965-9475-916D43742065}.exeC:\Windows\{A6A3BE98-6131-4965-9475-916D43742065}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5FA7B~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E69D5~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EBFFD~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6C36B~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1F0D4~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{93AD1~1.EXE > nul8⤵
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8FF5D~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{42ADE~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{40867~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
372KB
MD5d78e886fd4fb385b21f2d45884f11bea
SHA1817a1d4b4bfe1c8481ff87606345da9b88a66cb0
SHA256599aac2116593f672b4bfebe8fac6e41de016f23be5f0c825a55ed4f7e1fbfa5
SHA5121562cc8495fd8f8725f03040e6d93e52506ffada0d4a8a7eacd6128bd72972271ef51620b67d876c58227865af81f66f6a8b6d82009cfb0e96dc8a19e018bbff
-
Filesize
372KB
MD5de55d3ad0443b5a02b3a2d28def92db6
SHA150f2c3d98a44f066de886b08970876928897e8ad
SHA256c1c61bd5712e8e0a07bb7dbb4e45e6c3733e4e9c67ff1fcd7dda3fc2165375d4
SHA512ba2e27e52ff2a60c473cdb1316e54d780516601539f2e83d4384af3e7405c96b14ff4c0f654991ed799aa3d7a3c49f2fa631073620d8308bab0b9e2508283005
-
Filesize
372KB
MD567838af98807ce7b132c8fd8f5decf2e
SHA176a7f168823f0df58f6667c6ed93205208543b47
SHA2563572350ff6bf608145be004e25ca869d6d975036aedd1f7a51d4d421a1f93e69
SHA512914cd7d6cb7b0aac41abc72d3a7230ecff541f3241c4591c376bb61af39dc7f4c0225d531a13659c5892bf614ac369464348ad07d6e970794b90daa6e3398398
-
Filesize
372KB
MD57692a929150c0c2b1efb45a028bc7ace
SHA174063aaf8e611f7b62ee9e287896bf93cc23130e
SHA256fb1e1aafd1511ae913f2984c1f08be9ad74639e59ce86e2ac152135a5efcfe34
SHA512f7a21dd18006397e173ce6d58caf116153c734f827757d13247bf0d417eddc492ef4e34e51227ed90a9d828cd22a8fe20657af04c63603b90c38637836472920
-
Filesize
372KB
MD51a4b0ed45d3722836c8211686b2612f5
SHA154c47fece66fb3862a060e3acbfb579cb39fcc70
SHA256c40be934bd62eb88e9b29ca04e77307e0db1eb3c4c9d95f22c4baa8e99e674f0
SHA51252309b23c2a4c372f9d62801060d2c921c64ac112a59cce5c7019452d31850f1cde2f4c327ddd6a4793cb0658bf7688e9a2be2c356f4d825b9548fe3f9be50e2
-
Filesize
372KB
MD547c3648a416f5342c9ff85ca4aef458a
SHA1c497165128d7946e3025bd1b5577bcf0afacaf7c
SHA2569cc6a6ffc8f62d3f15c48ea32e239b06b20d76db6b5a2133f26094f37d9c2d35
SHA512b3074742af7489197672487e2877aa3eb6619a0396a0ac6284900b6fadc59801d2079ac579bff651a6e7b1c1a503bc65e2fb03d6b21f1ac0c75665fa9c81cd39
-
Filesize
372KB
MD518cdafbceb79f272ec7dbb30b56c8ac1
SHA19fca3cfb148cdce173e6d027d536f259f8fce918
SHA256573428cea6f900f3dedb36025bc556f8ed99350a5ae5273313f4478de942cb1c
SHA512c9db24c7a79839a168d818e5e5563e82f63666929695900d74b8ec93cc8dc69cebf5a24d8479495aa47ae21185291920b6cd12a9a2612ccf86febff055b1dc52
-
Filesize
372KB
MD5bbd7b4d1034e7dd1145730049f23d828
SHA1745afe3eeae5d6b8e95966213a16c6f1366593bd
SHA256261585a62b91bf628c407a3dea6285e75b58c15cde628576c105ffe286ab0d4d
SHA512e73624102204a0e108bf623ee5bc11d5e672ac5eb1acb841ae403897c235dfcef0857bb8f674a377f5cca4eff31f1151b7d1fd88fb54ce931610f4ecab666876
-
Filesize
372KB
MD58d2e8643d093dd1f980904e7a91dab7c
SHA1c029eb8393008556fd2d8ed9fe87aba2b9a1b3e5
SHA2566102aa862499a2cc2795c8bad7d14b1b136172cc635e378b646d629cc407383a
SHA512fb90f733ea147c297cd0f4ff818db63aa1fc7de3de570b0f62fe20419aad1379a466be0e1f4d209f4754a0d221d9174f97e9357ff32b82057b9979c643cbb4e8
-
Filesize
372KB
MD587ad04a99b050ccaf5b8956eaaddf3a5
SHA14eba5ecd1f8ba2cff6efbc41fa7970fb536f6031
SHA256c3396eaaab261ef14bb8d66ac16a1966ab73825a5d8e4b0b9143a23a7b9c7756
SHA5124891b30b19dfdd0fa371d3376e7fd5502f6b8e51aefc84d0fa577e4e1ba4112a5d91287e5bf4767ab841a4458f0c5198f1d5f384cc562627eec3540c4f82ef0a
-
Filesize
372KB
MD5b308d5e52fec4f2af75075d96fc6d30b
SHA1f826914b0730a85fdd8394117225670680c95ab5
SHA2562a5c6aff71bc6229cfe41ba172c6450f8c1a608c37dfa45adb9f03c49ade6e27
SHA512e404e8acf7ade4aa72b622da14802d0dea6ae65761117eeeecc31c99b1b82b10abd8eaebee183966f120aa6ab9c69089c12db7638b52093beeae641be0f478d8
-
Filesize
372KB
MD5ed8d35e23bbe54aa212444fc8ab5759b
SHA198a446bc05f80e09f34fad0f297d871149357ed4
SHA256c665e72982336daf64db986c1a364e22ee69704115e42c60e54190df1d3c1ae9
SHA512472aad6208327a3ff0caf41460c50288d95aa5b9b322cfefa82c74c4ecf8707e5e076f545913934acc588fdf9c364fd0f4dd40a61e67fa0337f1dd018ed6f9cd