Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
20/02/2024, 01:58
General
-
Target
2024-02-20_e9482bbc1da3366a20a2e00bd5e70715_goldeneye.exe
-
Size
372KB
-
MD5
e9482bbc1da3366a20a2e00bd5e70715
-
SHA1
f705e211582a08fa0898b439499f42f44ed676c1
-
SHA256
406aa3426a61f5c0e3558897f2b4b3045a9e572fe32ea8e4411be18f98636a26
-
SHA512
3b21297cb609b58be66db83cd94412928767c0c6aefb3e5a224d74588d1dc322cadb7113c3484db4e48d8e01229565344519b5045961d5362f4d96dc673f89b5
-
SSDEEP
3072:CEGh0oklMOiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBfM:CEG2lkOe2MUVg3vTeKcAEciTBqr3
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-20_e9482bbc1da3366a20a2e00bd5e70715_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-20_e9482bbc1da3366a20a2e00bd5e70715_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F03FCCBE-473F-4620-BC6E-5B9818BDC974}.exeC:\Windows\{F03FCCBE-473F-4620-BC6E-5B9818BDC974}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FD447BC0-BEA9-401e-AF34-A65B11E8CCA5}.exeC:\Windows\{FD447BC0-BEA9-401e-AF34-A65B11E8CCA5}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{64E449F9-3B09-475a-9F51-4835ED9BDDFF}.exeC:\Windows\{64E449F9-3B09-475a-9F51-4835ED9BDDFF}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{20436256-1055-4bbc-9405-597B1BC5D685}.exeC:\Windows\{20436256-1055-4bbc-9405-597B1BC5D685}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0FCD75FD-8311-4417-B24F-C242A327E209}.exeC:\Windows\{0FCD75FD-8311-4417-B24F-C242A327E209}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{87BB0B29-1604-4be5-BEFD-5D1978665FEF}.exeC:\Windows\{87BB0B29-1604-4be5-BEFD-5D1978665FEF}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D5FB2358-9AFB-4786-BCF2-E87693C27438}.exeC:\Windows\{D5FB2358-9AFB-4786-BCF2-E87693C27438}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8143F8C2-E01C-428f-8A4B-C7B662DDA839}.exeC:\Windows\{8143F8C2-E01C-428f-8A4B-C7B662DDA839}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E3DFBB7B-3726-4b2e-866E-B2D117F9DBD5}.exeC:\Windows\{E3DFBB7B-3726-4b2e-866E-B2D117F9DBD5}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9F0BB987-342A-42a0-8321-008514177595}.exeC:\Windows\{9F0BB987-342A-42a0-8321-008514177595}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B74A831B-BE1D-4c9a-8EC1-D15A57907B47}.exeC:\Windows\{B74A831B-BE1D-4c9a-8EC1-D15A57907B47}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{A4804B4C-E1EC-48a3-B968-84A50E9407BD}.exeC:\Windows\{A4804B4C-E1EC-48a3-B968-84A50E9407BD}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B74A8~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9F0BB~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E3DFB~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8143F~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D5FB2~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{87BB0~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0FCD7~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{20436~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{64E44~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FD447~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F03FC~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
372KB
MD5d5df69f3e7835e980c580ba5eee448dd
SHA1eddd0617df1f84191c1e076cbd3759d50f6145ea
SHA256fade5bbf2b1a9ac868709ed11f4248fed478d07500649c5737ba175a7bc4ecca
SHA512a2b3e40a2e35a0932f54f91f867b5fe3f27be60a2f58dc1d876c274ea1a50136c828daf548c7704bd438813a155cd97e2c21932c86f340a0c1a00b1e4dba410e
-
Filesize
372KB
MD5eeb8793d081d72bae6f2ed474b615421
SHA132b91c133377d1472e6552fb3b25fec55db0e379
SHA256615c4443f6aa0201e1dc17362f6e4aac199778e4cbe6f88e78be407f9ead8f53
SHA5120aee08e19ad8998893f4050c89e6a330b3f8418a0c95bf7e61ad7062d270bb66d19c847ece54af5b46501823a2b25d822ec9746b815e2074a6c3e9e1212b7b82
-
Filesize
372KB
MD5bf9bb63d1a5e3d99af5be006f412ee74
SHA14d69dba003bc9051938a9ca4b6eced5f74bf41bf
SHA2566f820c9c80c2b70412061e7c9b10ba9b6757aac0b5082452acd6609cab4b7c2f
SHA512e755e7ad6af385d962a0c16a26fc14637fe81589025ee6ae1efbac7a8264a3ae564b4d78806dcbafab89421710b928afc5f9ce76450fce14d2a089b6b1fdb3c0
-
Filesize
372KB
MD56d79c1a392e1e5d3619c212c2d4b4e14
SHA103a55b6b3b69b3c2cee1b84d9dc2a92c4c9eca89
SHA256a4ed5ad22e2a5b7c5be3e5339e294a146099a6bc75117fe39002921e9b07d61d
SHA51239bfba1c2a18c50151cad9c2459018ff04483edde6374c3a6f00005825cf884dcb53efdc34eb711ba71ef448c736e4f5d4dc4dd61d9aa7e71e369d06e9dc61c5
-
Filesize
372KB
MD547976ac335124e7729bee31bf11b4d94
SHA1409f77d414f074edf863c9f11fbcc475d1fc777d
SHA2564d59d26f37ffcd60489b73ca253a66dddc7c0c0df36ab9357f57610a660ec28f
SHA5120569661dd79a65ce682a7fd1d989ea39ecfa582d6d15904e90f2c0e0951f5957ad5418eed9d1d4a92d7fbc21a67731532e3d6e915b56a2d392593cc9b905be6e
-
Filesize
372KB
MD5291de5eddc0940cbea2aba6aeb14506f
SHA145c413aab768711407b0131297700696526968ff
SHA2566d2fd4f6b06a458cc4fb066c02ecdc0c0391dec6f3d52c5db2609629acd3d478
SHA5123632268d3af001577ecdb721e6ca1a91841409cdc0a3b455f3001ceba4a3b297a9e3d6b6da6557d6f2fd86e01f8336bc47f975841f63133d75de229f112daad9
-
Filesize
372KB
MD5f93439a87516d68f19b21e776a61d4a5
SHA1f5ff55e5bab86c1f57e3cc6d6df1d1eca48969ab
SHA2568cc18dcceddbfc9de70f6e9bbce807a6dffd6b654498893b3ec80dcc082b7677
SHA5129da169d9bda50606305f5f0d1f834ea83efd073c9f725e64798dc398e1ef7bcbb6d46932bcb6e348023bb32b2f095e62e9874b12048ad584ade50f995ccee55a
-
Filesize
372KB
MD5ae6957d1cb65d03844f328624c3d7212
SHA19733d7896a840dc9f6b8a3bf6a816ef4ea464e45
SHA256ec8aeba0dfc2dcb6018b0791d99a13b8e0dfa656ab1b38701301a1d3f00c8bb7
SHA51200bb2d3ea5df5a541393487e169f6cb4d1a3088aa1d920ea1d2d43bc2a5c8184b9b25322fda3418bd6ecedd68c3daee93c0b5b488a5189a86ec4b89bdb4fbbb3
-
Filesize
372KB
MD5d4d9d350b2be2366328fbc6fda02a1fd
SHA1429eba8a103d9dd3f9a21b013ec2bcd0c99d4059
SHA25642918bb4584dce1f605f539e928da5ded361d28f85a35c1061f0f3ccf03cbf1d
SHA51246cd7bdfab441adeb1d164249b45740dd1eb3241a6af5311b509ca640993b384658c00e3dce11f45e6ab2d7d880b9f0abc630e99eac2facec6681f43aa0387ec
-
Filesize
372KB
MD5cfe6fa7ced38846f222842f537e3ed62
SHA1464afc8582e00ae7cea957b76b4906ed2fac5ae3
SHA25661f7573df953cbabd90815eba7a46c590548c71ac72035b15ed4daab78572d5a
SHA5123d671ee515dd3d6ef1c5d204fad3d0e48eaed92b74a77d232c102711eabae33a8fbe0b031e4969219fa1159e547ce22850094a1317ff04aa4b387eb92a92f15b
-
Filesize
372KB
MD538def28546617386d0e74c99904e2233
SHA119a2b46ec01074c372036a761c8c2343fd0de7c1
SHA2567a109aaf9558188ed3ac7d584eb3a6186209b86986540ab56b0e098124b61b85
SHA512993f75d3d50d97767e32b8f3ae4c0a419224c8c511c9b132adaddaa6edb0afd9433b3990ad4dbaecfa6d54e69f8aa34d18e4a03587823087f045d791d324cf3a
-
Filesize
372KB
MD5d5d3cd82680eb0ff171602e2b7504808
SHA171ebdc0fb0f9cdd1895e3d5c995e3d155f4bb3a1
SHA256f534bc2a5064d6309511575c93bd77bf45b3b59c31aa1af974c9f54ab2ab3371
SHA512e0256bee7e6bb6cda600050dcf795ef6a03984815db8728c54bda9deb1bcd8ef28dacd2afa77b7b8c8c6640ce549a2a8f0de7ae863216ffc9fd3c230361125ee