Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
28/02/2024, 10:56
General
-
Target
2024-02-28_ee8677e786d37814a7200bf9e430c69e_goldeneye.exe
-
Size
380KB
-
MD5
ee8677e786d37814a7200bf9e430c69e
-
SHA1
cfc28d1d0223cb0d18ead6b421645828509c7783
-
SHA256
1783e0325fca91b73a56961d301bcbd451ab0392613d54e0393fd0f3b3fd1d00
-
SHA512
692e41c25005a3d11705506708581881d1b87aefcdbd83adba254bd7754ef31c282ea71265617a70f19f0c30f35f746e9b3a1479405ad8aaff2cb2e3beb8bba3
-
SSDEEP
3072:mEGh0oHlPOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGw:mEGxl7Oe2MUVg3v2IneKcAEcARy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-28_ee8677e786d37814a7200bf9e430c69e_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-28_ee8677e786d37814a7200bf9e430c69e_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{69F08AE6-B19D-420b-9E4F-5CC24B1D27F1}.exeC:\Windows\{69F08AE6-B19D-420b-9E4F-5CC24B1D27F1}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2DF043BD-8341-451a-A1A2-148090872A6C}.exeC:\Windows\{2DF043BD-8341-451a-A1A2-148090872A6C}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2DF04~1.EXE > nul4⤵
-
-
C:\Windows\{EA77D3EF-A28B-43e5-88A2-52EFBF09B1F2}.exeC:\Windows\{EA77D3EF-A28B-43e5-88A2-52EFBF09B1F2}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1904574E-766A-416a-BC6D-ACA6926A69B0}.exeC:\Windows\{1904574E-766A-416a-BC6D-ACA6926A69B0}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EF278CB0-1C77-44fd-8AF0-29D2A4167516}.exeC:\Windows\{EF278CB0-1C77-44fd-8AF0-29D2A4167516}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3DC983F8-ED6B-4907-AD21-C23B136816ED}.exeC:\Windows\{3DC983F8-ED6B-4907-AD21-C23B136816ED}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{933C6816-F87D-4c6e-A4E9-C7B590BF7D0C}.exeC:\Windows\{933C6816-F87D-4c6e-A4E9-C7B590BF7D0C}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{933C6~1.EXE > nul9⤵
-
-
C:\Windows\{935B1144-46ED-4a68-AA9C-6F78103FAAB7}.exeC:\Windows\{935B1144-46ED-4a68-AA9C-6F78103FAAB7}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C713631C-4D68-44c2-9BBE-F9A0F3919F77}.exeC:\Windows\{C713631C-4D68-44c2-9BBE-F9A0F3919F77}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7A06AAA4-A708-4c9c-A775-364B1288501C}.exeC:\Windows\{7A06AAA4-A708-4c9c-A775-364B1288501C}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6DCB4109-92ED-4847-B621-9A99C20F0971}.exeC:\Windows\{6DCB4109-92ED-4847-B621-9A99C20F0971}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6DCB4~1.EXE > nul13⤵
-
-
C:\Windows\{978FEA1F-EC7B-4dcf-8B38-D81108EF7F6C}.exeC:\Windows\{978FEA1F-EC7B-4dcf-8B38-D81108EF7F6C}.exe13⤵
- Executes dropped EXE
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7A06A~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C7136~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{935B1~1.EXE > nul10⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3DC98~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EF278~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{19045~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EA77D~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{69F08~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3716 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
380KB
MD532bf3ff282f5e410284469c47012aac4
SHA16c882f123e6d49540f5fc5e34b5995bea6db11b9
SHA256963728c671f3a2be9b7a31d8c13446ab642f310b4ac58362f7575287faccfbf6
SHA512157aca937cef12f84b91940fcf903c32c757938e2aa0ab642946cd84c025a0fb7cc5c827edbbd1086081d9a14ef55ebd2f05cefa865bbab63a051bd23857f03b
-
Filesize
380KB
MD5cf9e6617e6dadea8b6695d804df520b1
SHA1a8976d122edf38992557cf485a6e6302ada1b508
SHA256dd3079a682083ed7d033a2a60017eb81fe7c301342396d11b81dfccbb9b1b196
SHA512688282d2ac314343f60d2d3631140e64569ba8e041f99d9753a574387d59644191d58b417dd87bd6f2b9e2d9e8e1cf3bc2da950823eab75e1960ffe325873ec2
-
Filesize
380KB
MD58b9c4dd52f42b083e60c820c3e9abe90
SHA1df45073634f2ead6ca1e4afab30448ac209ec649
SHA256d41a8f6d5b0007a6e5d5a7347b9df839f0c8f8224d6cd0798114b4cd56720c15
SHA512805fcf3e0e2eb4a6cdfe68d2ed215a6630730d372c90f607c9e9396372fda6327d2c265ab990b23eb18713a22ebcf7895e80aee1115aec3ffb56be19b5280886
-
Filesize
380KB
MD544fb49434ff0076ae9f8181b8a0234e3
SHA15c66513fc6898dbbdedf4b333cfeda56fa4147ef
SHA256edfc25ba18106b683de6e06e4cd6dc99b5c080652bae1f7cd567cea81487fd4b
SHA512062b92a0f9c69f54f41651504d8753c0ae7eadae8c41fa36286cf888cf39b7fb608d4f595c4dd70b103d0042bf2279e23cc59f474c2b864e7d95e097a8e36eb2
-
Filesize
380KB
MD5a9637112b1ac10975bd353c94ddc5f14
SHA16ef1c93fe3729c90202d6b7a632e36b3ef7e438f
SHA2563670de3353a0ce1a1b526c8d9cdcf1ed199c6d980c7204eb58e14fc91a5ff6a7
SHA5123ce052f8f825a0574a351281b503f845a2ae00cd11921babc28ebf310adc7be6068d51a388827320e562b4c4eab901e8b045d9a5143acd8a37be1e523434abf8
-
Filesize
380KB
MD5f65c0436a0edc152bf01effa56eb74bc
SHA1eebf319629d09f32d0bfa8b5e2698cefdb62857a
SHA2565e24964b1203e26b6df04387dada0798ecfa0f1fa12bdf536228191eaa521b81
SHA512e39bbab746993b9292571cf5224cc2d3806f4f0752b08bdacdd0f4d3b0026de7a62365f088a8d35d09b7219c25a20428f4e82867d1836f63cb55d47a554f2a04
-
Filesize
380KB
MD59914926177fcab611e7955e2bedc05e8
SHA16353c47026940c628fd3070d6a20e29545315373
SHA256cd768864a36135a9c053656a2d62a418f34f2a6f7d73d1bf369935949d260637
SHA5122f5093b8925fd57f22fa1097ce833fd75aed3042d2ae349fda519007a6ff7e431080b593124adee7e18794e466e530846573899449587848139cca1d63eebcf1
-
Filesize
380KB
MD5a88c877f895d0fecc835d1fd8c28ee7d
SHA155c2b5ae6914167f01c796d73a9b3c486155a3a7
SHA256d9acc7fe98a27fceab64e15fa17300f269eca946ec370a4f97a772ed5277f23c
SHA512b601af04b96e23601301b0f3d3992afc52844ab983769245f734918c41cfcd9eaccdfe4f0e79834cb107db0177f1c7978a96d93992443fe16c4d2f8dc2d45641
-
Filesize
380KB
MD5153bbda2de51213a88715a42b2453a09
SHA111c286434ddabdec765c808ef585dacb6fd52f62
SHA256453147859ccc37208e69889d0b0a94e6065046955cac56eca21e24b7e564df42
SHA5128b6d9f38900c9f22694df933c3f80cac5c4aa2751548680a9beb3e0048af34b76d6d879e59950ce24e51d9d8b0f6224e8af1428e83dadd573e3ee8578f67f8b5
-
Filesize
380KB
MD5f98218955a3f2c5d1a58d4e107496ffe
SHA1222ba37bdd59a82aecf4e3a7680722cd667590e8
SHA2564b8ff02a86b5d6fdef66ec66dac986813cdae39176297349ce03467e63f0d0c5
SHA5125eead8a1629e8531ed664a216ceaf6ee363cae5e63901bc2bd6fccfe5684ffc7d92f981207ba55c130ce153b06039c4974f0dc1d195d304e14251ae63d852700
-
Filesize
380KB
MD5f7d4017541ab6f68f4a66a75578acd2f
SHA1ea471339896e41144092e2e2a318a5845844b5a0
SHA2566630e42d85eaac068302f81c3733f1b4eaf694301d9c81f8c3c0e3d6c9712b9c
SHA51237d003cf680fc1e30a1f3b1e71d6cf10fb9e6312f94719bec9dfe09b4436053b49ea4a210bcce7b22bf40b8e49c304323b4b76e0546ba32fbc9e0f0ce0b7e47d
-
Filesize
380KB
MD5f64a985f4d9d921f335716343493a08c
SHA1ca4ef93a6c3a6e9251eb637d340ef1d83514ec7c
SHA2568eef8cab4dfcd1d95ac4b056ca4198a3ffe8e513596bb952ba73f09bcdf39ac1
SHA5127577f3f4bc0c5736a237b477dbdca1b777d75ce6a71dcf7da0cad53114c3cfd0984f5b1ae453310208b639e086d6e93af500c33c65bdf5a89b1d4c238783f4e9