Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
21/02/2024, 16:57
General
-
Target
2024-02-21_e6a4ee78c5550985322b380aa761b815_goldeneye.exe
-
Size
408KB
-
MD5
e6a4ee78c5550985322b380aa761b815
-
SHA1
917f1e3b88f00dfb3e04c04cfb1722cd2b2a49fc
-
SHA256
65dfe93f9ae2492bdbf77a9dc610971d6fa431aa7a2660463893e2bf566c5178
-
SHA512
3e06710b57016a9246d39a3f35e7ee9041e5a4f828120916682220499e95e2c0dacf0b8c001a495c58d884b83e510254b06f71f1fc00a912e658c519d65a9460
-
SSDEEP
3072:CEGh0oOl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGEldOe2MUVg3vTeKcAEciTBqr3jy
Malware Config
Signatures
-
Auto-generated rule 13 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-21_e6a4ee78c5550985322b380aa761b815_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-21_e6a4ee78c5550985322b380aa761b815_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F2621028-F31D-41d5-B5FB-CE3D44845F18}.exeC:\Windows\{F2621028-F31D-41d5-B5FB-CE3D44845F18}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DE2F4FD9-8068-4e5c-9C52-7BF3BC0C91A1}.exeC:\Windows\{DE2F4FD9-8068-4e5c-9C52-7BF3BC0C91A1}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DE2F4~1.EXE > nul4⤵
-
-
C:\Windows\{3F004E00-AEC0-4d3f-B49B-4E2876B91DC0}.exeC:\Windows\{3F004E00-AEC0-4d3f-B49B-4E2876B91DC0}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F2FE72A7-5E1B-47b1-972E-71F787D40026}.exeC:\Windows\{F2FE72A7-5E1B-47b1-972E-71F787D40026}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{ABBEF32C-6A43-43b3-80EB-EBAF0DB455E4}.exeC:\Windows\{ABBEF32C-6A43-43b3-80EB-EBAF0DB455E4}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{87311CFE-4922-4f99-B723-FF7E469A06D2}.exeC:\Windows\{87311CFE-4922-4f99-B723-FF7E469A06D2}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1D3AE3D7-CCDB-470e-92AD-53FE994AA774}.exeC:\Windows\{1D3AE3D7-CCDB-470e-92AD-53FE994AA774}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{340355EB-E6BA-4f42-96CD-DF87E79A8965}.exeC:\Windows\{340355EB-E6BA-4f42-96CD-DF87E79A8965}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7D4510E6-887D-4bd0-A3D9-31B7CC2CA747}.exeC:\Windows\{7D4510E6-887D-4bd0-A3D9-31B7CC2CA747}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9FBDDED6-7BE4-49f6-8D72-DE31402E0D93}.exeC:\Windows\{9FBDDED6-7BE4-49f6-8D72-DE31402E0D93}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{64032E43-AD2F-47a2-8834-470F630CAC5C}.exeC:\Windows\{64032E43-AD2F-47a2-8834-470F630CAC5C}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{4A6FAE11-1D58-4387-963E-B2DC375AF273}.exeC:\Windows\{4A6FAE11-1D58-4387-963E-B2DC375AF273}.exe13⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{64032~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9FBDD~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7D451~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{34035~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1D3AE~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{87311~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{ABBEF~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F2FE7~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3F004~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F2621~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD52b94de515b16d7c601e1ac4aeb1bee14
SHA1b889781b5f6a6279d35f7fda88ee1cb79f3351da
SHA25658724663f0dd5622abb6589b84315b4f7be83858d55104641b47d156cc18a834
SHA51274a0b8c8ffa20f4b0c49531148273ca00d667f3a7ac2076eb51ea84e1e851d2fc2ba390b9a242ca29abd22b095fc820c8246905a0596620b5f7c2773f1cfcd26
-
Filesize
408KB
MD54a946388d377875c31671538a93e2805
SHA149a7f49f75f030604ab1007b806cfff71644fd2c
SHA2563083da309afb88a7b08f5aaa0e93b334dc0f51df259dd2213809dae49d419305
SHA51290b1587ca501ca93fe6ce9f169930448b9079e1f613fb1ef5cc91eefa097d5526b897751c1f2412ed0cfd8e9271d73531a6efd1678a5566e64cf04d8cd7ac2d7
-
Filesize
408KB
MD54088645f4a1df4f9e2d83d994c434c34
SHA101b92a11af33c6e75eb026f28d8b6ffce7df8ada
SHA256bc797145de2b6baa540390451282fb2f2cc9295c0adea4632310b91538ad8622
SHA5126349d56475c2cb753bda91702baa73d23e57d1632dcbb58ae95269d1ba76ceff09bb32d1ce4ff1c4d03011d449dd86b1fb14d2f4a447a73460b7b9197a3833cf
-
Filesize
408KB
MD5ba92d4365112c1f63ae501210e7df69e
SHA1a913abaff194c0912b1abda97507761c22c4685d
SHA256fce6758cf840da8e8d54189d82d26d733a9d549cfac1443af3cd3e39ff1328c6
SHA5129c4e6dc8046ceedaaac8276f70d91694f3201ff967e6ff06b20c11c44efcf3c3d5cc7d635028f926cef951199729df44bcb09cc8686a063d7edb2e9e996b1d93
-
Filesize
266KB
MD520392b977f1db073b41cc75e492eee51
SHA1236421d358a1867bb487dc82fdde77f76608f1e9
SHA256c586b6e00e6425d457a018bcbc18bb08cf1652b254ed80d7a7870a2901053585
SHA512c12a8e3371104f613125c1b3e8bb257f10e0f796f32d1a97177425a3cdee3be88a4a135e4977da509f7e15d431cd6ebc7a8e06b2d2e6e9780859e9ca3dde4733
-
Filesize
408KB
MD581efd5cc374ec51dabd38c2353974a2c
SHA132e68a1bc576f8c269af34adc17711600391989a
SHA256953817fcd718ffcbf37593fb6dec8cb86ffa70d1c2cd3a0ca6885c1c657a4756
SHA512a2929916501d93e5048a5a758a7736039fe983f40662a9efcdc70218a916e10370d04018f12959a84fe61f1ae99613b1d1d3e3f882219aac69d47e20991931b2
-
Filesize
408KB
MD5e758a3f59145cb0689f4cdaabfccd506
SHA101518b115e0234d0450f9bf939118fa79c56ae55
SHA2562c888f6e2abcdfc10d8cca2bee65eb58c77f217998e7a423046ff1b5cf8d100e
SHA512520e67075302834d3ad92b4382499394c0cfeab1c48597e55869ebe16a49f0edb89e82dd721c9b8f2efc92e608b8f682ed263c8454e99d6d4e8900b1190b8640
-
Filesize
408KB
MD50d835f4b15701abaf6012d9aed7997a0
SHA1c26ce228dd100cf2e7058228dfa131151d899396
SHA256f6fd01682e4143bc6ffde13ceb88fd0df82f53da556eaed99653f014c165c336
SHA51293e28de14129edf024b9d5180860300c2789c56cb4e1f7574ee1c447d08086b1c4ed6c0dc6b9bbdad2bd34af17f1e68b1dcd41ed6f7bd8b1a55c301f292c2acf
-
Filesize
408KB
MD5f6d6c09a726b00e14c4769483fe6678b
SHA1ece897719734bfad752fab9696e9ee4b29cb91c4
SHA25650f4c52c7c59b61db886acbe991c101d6e5fd9e79679ae30f40895d6f80e7006
SHA512bd97d943f218b378b0282d04863855f0dd8b5e0a4a5637790100e869add3cd34ae2da03c486bf9ad1bf5a12fed26b15404963ec8a29321417b334d657cb690d1
-
Filesize
408KB
MD5385e4107ddf11dca076bf4955ca94a46
SHA1df195d71b21cc513abdeae640f2c495e0e8720b0
SHA2561c1768f5e13500d852c70d8901107fe4304ea4fa670302249677bfe00e27c93b
SHA512ef1bc618b6a3ea7b684d6c31653b84fa970cb0b2078801fb83707cd7c2c02ffd1491b4788fa62a256298bd9e2e1ea6e9f1847a1435b286ff7408037965f9f951
-
Filesize
408KB
MD55c64dee463c3a67fe64d59c1d2af9605
SHA14ab26c3da3452e1750b8fde4afcd139f207fe116
SHA2561dd626fb4d3c54c94a17c6d2a539989ed48db552e002f5096a7e10a3dcc9d561
SHA5124a01707154277e859b175705fe192fa3b3f768308c9bae8d03860ac13f40fadbbad2e56db95f8bb6d9ce182fa15f37e1a3f386d4621e57e061957c378e8a6963
-
Filesize
408KB
MD5f20985d3553632d018590db2c6c41697
SHA1973736ce6e96929f70d18d0eb6519a0c6d08847e
SHA25664f270bf71f997548a42c2b9c2eafb9d79334fe7ec84bcbe94188829604fa38b
SHA5126a792f3f47917401a3101d30f5c687eac64e61d4b731255fef18a0807198a4cead98ba196851d06b6ca279acae7574c4782c5927b2d09e2a7fabf64a889bd7e1
-
Filesize
408KB
MD5d9785df20eac95a309b009b3e08a171d
SHA17b022194603ac95b1d377ac8a848d8844a8e4715
SHA25689e1803ba273a7f8db78786ebb156b0fc625327fac553bfb322f3a1553d8a495
SHA5123653c76fbcd010842a76dbc930d2449dea0d9a9a4d31659ae45e4be9a5a0ca35c7a0b1f61d9e10f4f7814dd757a7c5ae9740dbdb0ecb9db7f2e5fc98e4181edd