Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
22/02/2024, 22:37
General
-
Target
2024-02-22_9d2c783cb14279201d52177459fe9b69_goldeneye.exe
-
Size
344KB
-
MD5
9d2c783cb14279201d52177459fe9b69
-
SHA1
343287523da81b036d0c67e144532dbe6e7b29e4
-
SHA256
4ebf7ebf8d69d2f4f266f12424424acc8e876b6f0cc5697137f205a0e9aae6fc
-
SHA512
3a4f09184b9bb8746d01216d38f41d3d3f5bd912eb18d43913daa8d5fb8a5c8b9bb18731224f9d8d32d546083e2fafe5fedb39286fc574a3f76363dd9235d355
-
SSDEEP
3072:mEGh0oBlEOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGL:mEGflqOe2MUVg3v2IneKcAEcA
Malware Config
Signatures
-
Auto-generated rule 13 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Deletes itself 1 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-22_9d2c783cb14279201d52177459fe9b69_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-22_9d2c783cb14279201d52177459fe9b69_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C50F48FD-EACF-4167-8915-EFA71CDF7412}.exeC:\Windows\{C50F48FD-EACF-4167-8915-EFA71CDF7412}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{11AB8D00-4F58-42d2-B7E4-8C602D0CE6F8}.exeC:\Windows\{11AB8D00-4F58-42d2-B7E4-8C602D0CE6F8}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3A070875-AAE8-4585-9C75-805029F224E1}.exeC:\Windows\{3A070875-AAE8-4585-9C75-805029F224E1}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F23D9E66-5864-42b8-BCA1-FFEE0AD44067}.exeC:\Windows\{F23D9E66-5864-42b8-BCA1-FFEE0AD44067}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{45820615-1B5D-42f4-963D-2A4F3BF04A10}.exeC:\Windows\{45820615-1B5D-42f4-963D-2A4F3BF04A10}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0CC31BC8-AE7E-4b81-A97C-170934EBE8E7}.exeC:\Windows\{0CC31BC8-AE7E-4b81-A97C-170934EBE8E7}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{56C619BA-F002-427c-A2C1-F42AF0B63936}.exeC:\Windows\{56C619BA-F002-427c-A2C1-F42AF0B63936}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E475593E-1AF8-4486-BEFA-8730008E9BF8}.exeC:\Windows\{E475593E-1AF8-4486-BEFA-8730008E9BF8}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A3827A06-C69F-4784-9C70-227432E8BD78}.exeC:\Windows\{A3827A06-C69F-4784-9C70-227432E8BD78}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2A9B3FCD-0264-446b-B541-91D1AEF0E128}.exeC:\Windows\{2A9B3FCD-0264-446b-B541-91D1AEF0E128}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C16F2E0D-FE38-4ce1-9C1E-F711BA765B1E}.exeC:\Windows\{C16F2E0D-FE38-4ce1-9C1E-F711BA765B1E}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{F40D2EB2-B210-463c-8779-3B7EB8745CAB}.exeC:\Windows\{F40D2EB2-B210-463c-8779-3B7EB8745CAB}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C16F2~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2A9B3~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A3827~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E4755~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{56C61~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0CC31~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{45820~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F23D9~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3A070~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{11AB8~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C50F4~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344KB
MD514942ba2a2d0915becbc50f7e28cdd51
SHA123b6e99f225b899ad9d74534459bef8c5f35cf25
SHA25619d795b45bc798c04f0e06debe2f1490c7b9be1a217a7eb1e265c8a0672f10e0
SHA5122a07e460011aed8423e4197b9f8a6683bf16f3514e1d595ff41b67b9947067c28a11f7a08a9ffd19d1f9a090e2f785c205a951acd6b53d95ce73cf1f70c11ef0
-
Filesize
344KB
MD5da3571773eb14a081277e0f78b506d70
SHA1b29f0650e48e8aae40209e91f9c52159acdcea79
SHA256b4852440faf0acbb3a6a7fcd91b46d5c8783dcb78900c551eeb739cc2dfc9f8a
SHA512f9557c1f1df09fe91da8520c462ff1b24029be0436d1a394d73c44b1a0e4a8c6bf4197f1bff4cb566aa382bd6312cef71f3755aa6bf01493650112de6acccf4d
-
Filesize
344KB
MD558adef916377d635330598e3267fa042
SHA12cb3886a00a2c938ce940845e701a43d5b31648c
SHA25677cbf7d75ab104f460e0f6741331cf0fff2bc1ef42abf67e84c9f9aba8c1d8e7
SHA512986c3942a3843f149c509f25528152b094f4c4634f7f84154522bb131b2a4573f766601933a57fd471a4383d899e929e23b8537a17ad0deae1373f1ce3e55514
-
Filesize
344KB
MD57927aa3956e346c10fe781f21e2cd0de
SHA19d7845c872bc8817824c7a19b383adf6395b37ee
SHA2560eacb50f1c2e1252d500b68b01011708436651ce9099284ad39dd42171cae526
SHA5128002d57126a45c4a779e63c265e24d938f8345f025077ed511b2bcc7c5aa43c7da3ff9949e5fc1536cea3d49167bea2e3c01a346ffe5ddfc3bf0c764afa60f95
-
Filesize
344KB
MD5b05b526f2b36c11b5eb9edf08bbcd559
SHA1d997817ef48bbe982dcb6c10306745ce77162b7c
SHA25602b69304f6bd3a8c07a77181d33be1b827ebde9d232fc718f5ba5453b131173e
SHA512518b7de950572495eed1aaf608810937c46162265ab1dc415a82834798f3dc08a706d9664380f231da3410e6c5f71f039ffaad9b2f7a2c77fc48ad9732261061
-
Filesize
17KB
MD58d0debb93f131ee5bbac65f2c72cc8f1
SHA13a4d36cda94fd3be7cfe40fda5f73bca5dea706a
SHA2563f8bd1646bd1736909aac057b48edaef66a503ac7dc1f3dae1c7c5ccfcdc3145
SHA512f53ca09e8f15d6dee5f396da2fbc4f708264b688332beece0f7c8d6fde25451ba023f1c7583561b67deb91ebe2139275d5a9a0ca2b6e510d949c8c12d36c0587
-
Filesize
5KB
MD5ddf99a755c84c3165e4bd64c40aab227
SHA1732a9bbf7cfe1af8a40c1f6fdfae18f0afdb76c1
SHA256fe00758f9f9c6d3c526dac1a915ea4acc7bee89d5a546c373e3f2688085c63a2
SHA5124f59a66a6aa358c1febec8d8a18e03b1974030e5a8ba5a102bfc2d7eef90b6d4a7ac039f2c8003fd9f1f2c046d4d9ed0fb095a50aead757da9f589480770cd8a
-
Filesize
344KB
MD5796b2de2d891631e5da1b395f57cbacf
SHA1cd40322acb1f316f2bcce180178d70cd1098858c
SHA256ad290f949ca81f841b944318b77408f74e69a56b24b07741028edefb53438bd4
SHA5125446494fe028a4f6ffcd3880f702a8977ab13349e72c3cce2e286d4d12823b730738e1ce39f41d1d906c5529bb4702c76cdd370b90c10db97520f7a34e35983d
-
Filesize
344KB
MD5a7e3fa83ee1681f66c3537c3b2f9cf80
SHA196c2c421ba550628d48871432d7c95179964e1fb
SHA2561c6b5340c8a3a6dc14b9410326d79a5d21557e52397c6238f50f1d96cd9a0223
SHA5129e247d17fdb37b8175419321866935bf1ee57202dcaeec4712081c7daa81c63c640b1c9aad3dbe0c7d17321b7bddce29c83f920a7b02490cd8d4b944f0d39d2f
-
Filesize
344KB
MD566f83c589433aedef766a06a4c298b36
SHA1281446d58be1cca8c33b0b12aa2973c10d4b7be1
SHA25649cf6a9e17d97dfa39b3e44e203a164219ba883479b2edaf155697bf27dcb358
SHA512a991857bc37facd1476b72413d09551e8cef966ce8bab9ca369abaab4c0875746cc61bb80938df7a06c579071b3be5832330583a4af75f49b13ab49edd5eaf23
-
Filesize
344KB
MD5be565a4ccb1653d10b8d8f3709631810
SHA199c0257f0f206a5c8cd09c008963286e141052d1
SHA25608265357a5e752da1c274683ba868a036ce731dcf741303a54ccbc67828d27e8
SHA512e85599ee0bc34103912a121107d053e5a6752a9daeba57ae50e9de70f4f4fecaa8e6699e89fd046ff6e3ea2669d3e011eabd4fbd970319d1661bd3b2c975acc1
-
Filesize
344KB
MD531af047df3d54f2a2fe02e762fd5d9cc
SHA1ee06f7aaab1bc229dd0acc56eda9f3776521d620
SHA2569d79b1c4db90b9ddc0be1574cc8a6ee23bb9a301a61f045a33af91c773714d7c
SHA512636c06baf111e2afa8fe361cac29bc5620e25b01af7042915b7aef841fd5f71736b151e85c3a199e8e22480759278b4d64522c0f4d31cc88d40e459e2de10824
-
Filesize
344KB
MD5ee4a3163104ff39ed0936fe86a79d0e1
SHA1a50f09e740f9c56108f34c518afc7507d1d5e113
SHA256a88b3237cc1bc6c7391d66860377c14cf3659ae606b251a80fd30e69deec14fe
SHA512c09df0bf54522cf57b4e79c886e5c126bc1eb7e31eb2f6e17ebf7483f87a4dda6784bc570a6d57a24bdcde9b399281d061c6562df2c30d69712b1e29b058af35