Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
06/03/2024, 18:44
General
-
Target
2024-03-06_eff4b2dcbf3e8f535b61d89accd95b8f_goldeneye.exe
-
Size
344KB
-
MD5
eff4b2dcbf3e8f535b61d89accd95b8f
-
SHA1
5d383a00d93a35b5fddd76cfd8ef9c7357c2a325
-
SHA256
1df90f64895d9f0020d3ef992528063bc33c983c9cf656f6c35d6cec7e7b5f12
-
SHA512
0e25379a9a955acab0e0df4449d5345675f19ed2012d98cef359a8c1f20db318336552328b9af970f97ee7efc6d5e7bfc6cd86d4c61cc66c2719e5d5ec0f0e92
-
SSDEEP
3072:mEGh0oVlEOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGL:mEG/lqOe2MUVg3v2IneKcAEcA
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-06_eff4b2dcbf3e8f535b61d89accd95b8f_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-06_eff4b2dcbf3e8f535b61d89accd95b8f_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3545E3B1-6AA8-440e-A8C2-411F4656B8FF}.exeC:\Windows\{3545E3B1-6AA8-440e-A8C2-411F4656B8FF}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1A51515B-7E43-4f6d-93A8-AE0D2AB9535E}.exeC:\Windows\{1A51515B-7E43-4f6d-93A8-AE0D2AB9535E}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B9B9D05C-D8FE-45d1-8311-7CF78AFC796E}.exeC:\Windows\{B9B9D05C-D8FE-45d1-8311-7CF78AFC796E}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{757F3EFC-D44E-49cf-88E1-3E99E546E308}.exeC:\Windows\{757F3EFC-D44E-49cf-88E1-3E99E546E308}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5E600D93-0348-431c-B8C4-E399D0C8927F}.exeC:\Windows\{5E600D93-0348-431c-B8C4-E399D0C8927F}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{87D09B7C-4904-465c-9A92-B4546A036571}.exeC:\Windows\{87D09B7C-4904-465c-9A92-B4546A036571}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D4C2E82D-F3A9-4ef0-8A5B-E979952259E7}.exeC:\Windows\{D4C2E82D-F3A9-4ef0-8A5B-E979952259E7}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{225255A6-FD4E-46ad-9D90-01393A8081F5}.exeC:\Windows\{225255A6-FD4E-46ad-9D90-01393A8081F5}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D11B205F-448B-4638-A2B6-45B2EFC7DEBE}.exeC:\Windows\{D11B205F-448B-4638-A2B6-45B2EFC7DEBE}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{407C413B-7E52-4ad9-8249-8E42C9D553CC}.exeC:\Windows\{407C413B-7E52-4ad9-8249-8E42C9D553CC}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{16F2BCC2-8108-4090-B4E9-21E0D530C34F}.exeC:\Windows\{16F2BCC2-8108-4090-B4E9-21E0D530C34F}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{A17F4AA6-1469-44f4-BAB2-82FA8524AA4D}.exeC:\Windows\{A17F4AA6-1469-44f4-BAB2-82FA8524AA4D}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{16F2B~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{407C4~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D11B2~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{22525~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D4C2E~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{87D09~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5E600~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{757F3~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B9B9D~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1A515~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3545E~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3700 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344KB
MD543821d0c6f5a7cbc831f44a333c00bd0
SHA1801ec69f080ffbca0df3338245540e15c941be56
SHA25641ef7b18f17bf7441613b1e49b89630cbbee8fdf71d4ec35872476c3ea677969
SHA512286ebdda0f35b7fc7bf3e0f71dea5398708678c0ec2a9389736217b3f9b5f087032fc50a5fcffdf97627cf3ec6d0e9b930ea412f22edd02668ec5227d65f6fc2
-
Filesize
344KB
MD542d9d82c6667cd10cbfb227f6b8438de
SHA1c76664306ff542b2bce34ae005f5a88bfde9f5ce
SHA256aefdfcf08e14138755d3d90408c938332a0464f54f4c3e4edf82478bcc61d074
SHA51272a954c8a15b469512375045d6450dbf8c51a01bcc8024a11821af71e7dfb67811275d98865bcecdf510b07e2bad965ee0c52ae01cabeae9160039f941fe4c5d
-
Filesize
344KB
MD5eae93b35633d92772f53997e45943c3c
SHA17812d69e7d541e5a20563e54bc618b49bda70dd6
SHA256bf9edb2a6825554b13273c92c466a4c2f2f1910ba9f7985c7ab51dfc56aad7c3
SHA51276dfc031aad8de76bf8e12c623948080c9f796dc0ed868e1b532422d32aa7bc299ae3ea823373ed8e7653d7a95c93270151c30388f5902d4d8e7564e8dc703a0
-
Filesize
344KB
MD5c12a77f1e3137c78ada8b64ac0c6609d
SHA1fb1cfb138778dbb7fa0ffbeff989929e5a1f8896
SHA256986c24ad2c53c22b4a1b4ff41b2f2b9fa9df05a3cb50da2566388e535e8da4e0
SHA512155cd19ed2c073577167f12cbd3a3e996d23742271ab8701aa567e0bdafefaa7cba785819cd9f8d97583de3b593cebdd7d87d2ded4272d8cfad6184fe41d0b72
-
Filesize
344KB
MD5963e01c082dc9abcafd0be91f80a8362
SHA157df7442a688151ce1ab32d25f420c132839908f
SHA25602d83a99f7e06349f3c87b8ba19814eff96c700064bbae32e1a829ece7293c1b
SHA51294b54a820ff2f0473edf02239e0d9c3715d5f0c3272429074c6a434c5baf6131bb0c8f67e0b5b05788b4959883f5703fc01d67e2db9bdf73be00fcd6f1e2fc5b
-
Filesize
344KB
MD57e6a04ca07c7c702faf42f7fa85d4088
SHA15c51b6db94cca7ad3d633ea19e1fe03217f856e7
SHA2566049a13e46ff87473d5066bf21f01d7c232c1035a8cbe4ff680edb3fb53ce51c
SHA512b70cc32c6b1ff7989784357b11f2c9c82bae13c7b64afc760427bcdfd961433e5cf89908c98a3db94b4ef4a62dabba638cbe28b230b5fc0cf68719e7cc2b68bd
-
Filesize
344KB
MD5889033c7373b4eca1cc59211b5368c64
SHA1bef9c8b48d0a0b900241ad33d4d1f5482f8f254a
SHA256c7d7ff226e94bec99c4f4208874ed6ba941649cd2ec3b9d36aef57024cce91ca
SHA512e8b38959334543d871c5919fde5a6228ea81a4e122ef9ca18e5a676bc97a4f3ae637e0a29d372cd3592e83a60d3c46ed3b36b41f4380bba3e1f8e5a4e5d62b98
-
Filesize
344KB
MD58ac5c9f59073f9dbf2253e433e09e1ca
SHA15aa55cac5da55c3aa03a92e9b98cde7804d04704
SHA2567dfbfe85241e1be2598f06aa98d714fbbe31a67b43fae4637f8156a81309f674
SHA512ab88526f24e6510d224a5098a34aa0dc0115c59f412c07da942debc0612a64fa26369bfba8633f53e2fcac6b49e1c73b7e68831bd861fd8b4069f2eeb7738f9f
-
Filesize
344KB
MD50819b3394e2071af7d5c44fd02f1134a
SHA10f779f95320cbbd5a3e60e830925899bc6989e25
SHA256f08ad8b4ef4b9b82a8f3575536547a3655083c4d55f4f06b198fb6f8234c93c7
SHA512c351118681faa2d79667b8bdf031c09b724b13912fea804dcdad743cd3b3e89566324dccb30fa43eb0d2fe5db2b21ba4501efee7cb811b58deba0a3b00f432dc
-
Filesize
344KB
MD5e626e25dbbf37bd3d03f7a3c7495ed9f
SHA1a05ee227a06a57572cd283b7308fb97acb406370
SHA256ecba81248f890be6716a0a36d77e7b6b260688c7516bfb731483943e26621415
SHA5124f17374774f0a7de6a28cac9862ead01be1976906bffcc90d529e6fcc73e0edd58a9ecb3811142804b2aefde90c2db1334e242a9fcde3b108cf8168e7bf62ac2
-
Filesize
344KB
MD51a07d7ed352cf06c2b1c454bfed6c1e0
SHA1084ca03d044992370859793fb73c64b152635a19
SHA256ddde9d1a737c5c5d84ce37f69c449ad6b3f15af544abb64f35b2ebb1a1f77a80
SHA512c4fd5e9ab6776b1e5553653caaab449f68996e823870875d01653bf1bee0939ea5113a7dc5cfb726141fd3864855670d5b1560c5892d4dee6945dedb5b7c8f1f
-
Filesize
344KB
MD52128f576fe92b7ccf9e58f2f858e5f7c
SHA15b9d9c39ca7f0ee9cea05011ad4f4d2c8a138510
SHA256b174017b881278a18eb32dd0530588636501868d94b2eef8f4c1d0d08cd84f90
SHA51242efcea8c236fd768d951835ffebe2f987f77337108fb12a5a1635d96fec7e12b175f9f0be573cb799b679f821ceabd532d14e2ad7d6035e166196c2323ab70e