Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
20/02/2024, 06:48
General
-
Target
2024-02-20_93e0c1d832fea2fb903ddd630164c459_goldeneye.exe
-
Size
372KB
-
MD5
93e0c1d832fea2fb903ddd630164c459
-
SHA1
386054b00e63833efd992ab1dda83b4a698d5080
-
SHA256
be6df662535773e6f3cff293eb2c7b824bfb086830b4af47ec11550c6896349d
-
SHA512
950fb97148c2b7114f0f261e37aa9963ee38f819b5477a1403fe8b7b553c8023e5ee030713c0b3b8af1c0833fa5793c27909272ff7cda8e266b304c0a7e6e7f7
-
SSDEEP
3072:CEGh0oqlMOiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBfM:CEGMlkOe2MUVg3vTeKcAEciTBqr3
Malware Config
Signatures
-
Auto-generated rule 13 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-20_93e0c1d832fea2fb903ddd630164c459_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-20_93e0c1d832fea2fb903ddd630164c459_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C676EE48-1E49-4f1c-89D0-5ADB7CE6ED0E}.exeC:\Windows\{C676EE48-1E49-4f1c-89D0-5ADB7CE6ED0E}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D812DB20-2891-41d3-89B9-0CED5BD39763}.exeC:\Windows\{D812DB20-2891-41d3-89B9-0CED5BD39763}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{155B07BD-9829-41c6-B8E5-D032CB942A71}.exeC:\Windows\{155B07BD-9829-41c6-B8E5-D032CB942A71}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0B7CDEE1-68EB-4831-B7AD-466995CB0979}.exeC:\Windows\{0B7CDEE1-68EB-4831-B7AD-466995CB0979}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0B7CD~1.EXE > nul6⤵
-
-
C:\Windows\{8F0B02D0-DCB5-418c-B5C1-91AA51D4E9CC}.exeC:\Windows\{8F0B02D0-DCB5-418c-B5C1-91AA51D4E9CC}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{69A83BD5-D9C5-4842-9FAB-56BFF3B892F0}.exeC:\Windows\{69A83BD5-D9C5-4842-9FAB-56BFF3B892F0}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C22D9285-7BFD-4948-9630-3FB4B634DD66}.exeC:\Windows\{C22D9285-7BFD-4948-9630-3FB4B634DD66}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1B8E0847-349C-4cf0-B698-FC803ADF3969}.exeC:\Windows\{1B8E0847-349C-4cf0-B698-FC803ADF3969}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0B87C578-C8AD-41e9-B0CE-895A018363BC}.exeC:\Windows\{0B87C578-C8AD-41e9-B0CE-895A018363BC}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7A89775B-440D-47b7-8439-C74B3E5FB88B}.exeC:\Windows\{7A89775B-440D-47b7-8439-C74B3E5FB88B}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6F2DBA5E-0AE9-48bd-8029-3808EA9554FB}.exeC:\Windows\{6F2DBA5E-0AE9-48bd-8029-3808EA9554FB}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{8F511633-90B0-4dff-9BDC-CC2FC5170D68}.exeC:\Windows\{8F511633-90B0-4dff-9BDC-CC2FC5170D68}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6F2DB~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7A897~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0B87C~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1B8E0~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C22D9~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{69A83~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8F0B0~1.EXE > nul7⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{155B0~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D812D~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C676E~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
372KB
MD529f45d70096eecf5f4bfc076bffd4a02
SHA1c2b958a94fdd6384dfb78c2870c2b9e22ca5a0b2
SHA256c79f5b3d7b258f22d2fd84b10b84c550e29a814db5eeb33c0c4e9a3a87328860
SHA512190fca87585d82294e767549f27603676e3cf7b5166465a61a2c15fdbcc329eb74a42ed184899b79d3ebd38329a2cef18340e04cf330e7f235e9382b687c7b4a
-
Filesize
372KB
MD5ae1a6d430822f3a589e7a2741cfdea70
SHA13500d9abc2efd6defd1e507c8d9c365fb605df91
SHA2565db64b5c2d7c7ba7c9a97146ad5406801cdbe26d9bb7a0c4def1c2c6e5a9760d
SHA51229b8b80993ed540c2fe244f26e3e0d55b256cf07e9da332b68b042f45144c339c67a56ca95071682a3dc6ab3f4fd582536e1db9aa8cd957130a40b896f6d2fce
-
Filesize
372KB
MD50a2d0e9c0b40bd50ebb1e4c07755f059
SHA19ec3d6a03713350272ef220badea2b128e07e924
SHA2568185ebe9e61d3c24eccc425b4b901a5cbdbef773b6ca198cbfea3df72e0963af
SHA512201874b9a30852511b670e43f719714ea28336864b039bf0c1a4b137dd06f446b928b5b5a9708fd9dc3853d50fedbf15c015257568fcb188c8b632c1f4fd2340
-
Filesize
372KB
MD573174e2390b9dadc592c65cfaaed8619
SHA1cc5c8188e36d088b2511d479c6e445dd4cf974e5
SHA256d989a11b68c6063ee18caf96bbc57f5001dcf8d9212c636674cc0a97cd31c6d5
SHA512d8474daea24c8dc1ed55cc64a7f98270fc7d88e3cfd2b34648968beb1255c72af5da33626559e934c43a7806476b1b0f448cbfe3219120a7221f49a606c98ec8
-
Filesize
372KB
MD50a3645edfac25f9b1d82f70c7f508180
SHA17845bf29bdf2c277b13668a83a21759e3039ffdc
SHA2567ba265b25fef7488bd2db477f937d11e86d64308b27db8839e9b1b35bc3665d9
SHA5125839608b04eb68ee0c01d18b6a5c5a0022131e046aa88b0e122e5b36d59621690ae139106751046ded9f80ccc61c0a985a6288c91bfa767c715b288924bba2a8
-
Filesize
372KB
MD58690e020337fcbef717320ced2dda6ec
SHA167e634ebd5bf0ff9ec0c51814aabfa03a0df44ea
SHA256aa297f1b70dfedfdfa2e26cee66f3468883404334c4f13dd65d9984ecdaccb15
SHA51206418447d6eb27fe66d7799b5d1ac0efd6e67aa4549143b2d993c975e666afc5c1558d449b1ae5027139edbbb85bfb74768ec003a4be56404d421064eadfbbc0
-
Filesize
372KB
MD595af1f978543cb4dcfe4a650afeca0ad
SHA17c78e2211e96c22c1406ad2f34e48095785c3c1e
SHA256ccd8d9dda433acb36df735946e43d243dbf7f6e0be80fd6fa134e36098ae4cd6
SHA512c0c668537f712535c43fc32554ec1a169ef46b3e414d39319b5a4770ee1a2bcafea9a7c7b63a0dbab6cfa5480a4f91a6406d5aa5b1b5da43b053a2777f94ab6e
-
Filesize
61KB
MD524cccd6a92ded4f08274f3106e98e028
SHA11daece8f630e99a0979aa9ae648814ee45b70d17
SHA25664c3d55303b553faaab2f03cce59154c1a365e3241bd4db129154d5706c9ed5e
SHA512f24500d4175f90a22e1d4f176a9a3f40274eb15c83cbca42936a1fcd27ed75216b34a915b3c2ed8f3b56300cf97309eec1c1a3ab5de5dd5142107edcd801b101
-
Filesize
372KB
MD5618e2c212e917549f5993f15e4896ea3
SHA1aaa477f17486cf8ddaa6029ceefa2674e6727cde
SHA25662ddf789f5ce99184f601b0fa93856e2afc054e6004f07b1901c2c491f18361c
SHA5128d68f31c6af45b3216a82fbff249ec0ac26bc5af68c24f96cc48592d11f108fdfbb501e56c35b669c6d41a34241ebb73e8b4149ee24733d6aff610baee92e2ad
-
Filesize
372KB
MD5b291de24363977a95b05fe6aab30854f
SHA18f08623ea1ffcfe2df6972d0a929c1d25085e464
SHA2564c4818fedf7e7931bfe6f7ce0279c82cb8d2abf0937802914f2b41fec0e7599d
SHA5125c50028e82e740d01a39750e1ef49d12a7a164652d2cd5b2d0fa5e306b929dedd63575bdc7b7461bf0627847eeb622cfdd4a8fc1dc5f98ed4727cf4c412d8241
-
Filesize
372KB
MD518580709402fc75a29c0c0bb9670d573
SHA13aa96ea80bd3e2a83b1276661297b48d3427b55c
SHA2562c4dbefc1904cf293e388d53733de31b8bf8c382ac5ce171a1d49fbe440eb3aa
SHA5125f4a155c235ac1b56b34a4e45f5fa9d870caa95af2f91f4557ac0238a67e65f602ff0da044c9f1745e07d7700ea8648adfa004f2a08b8ef13e49c020dc14c944
-
Filesize
372KB
MD5d769275c41aa1293a8d7d65616c36194
SHA150a838b0da0c3b77665cd7ab8ee08deaf3a66ff6
SHA256220580f645acd734a1a24b5b4673d794acbc32e092617e81d7a56028aa697785
SHA512a92f1598aae1f4a047d76b4cb9d7b04a17e9035c123144ab9295a2e64e6f3a64f923e5095d57b13066f336b8290145311232df37f161460c60e8aabe6bf6ec0f
-
Filesize
372KB
MD5fe5a6b76b6d42c830830938d2d968624
SHA19d4391442c54cd8b400c029f9027a1280885a698
SHA25617ff0453abc12e5841e3a59a3ebea5d5c2e0eb3e6eb225b34475602ff90e2f1a
SHA512000f14be020563c839838121f574ee1373dd99075ed2b3a674721eee92935da98e9a676c49d06ca768dc6cca822ee901e8e2557bcd5fd708abacef41312110d1