Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
09/03/2024, 12:35
General
-
Target
2024-03-09_b4b0f4edebab3d2fb68db1d7b1319bea_goldeneye.exe
-
Size
216KB
-
MD5
b4b0f4edebab3d2fb68db1d7b1319bea
-
SHA1
b6219fe62cfa07f910034a10b83dc21e23637faa
-
SHA256
bcdef0a8f8bcfa0421d9716cc48cf5b3c88c653171bd61b1ed5d822b46973eed
-
SHA512
6772e20ad0e9e6caf343f67057dde7f8ed92b2436c03f20ead911fa2dc702acdca4a3ba6e6ae08045264d829522afca0e4b5c3147203fe8a9de117553329f93f
-
SSDEEP
3072:jEGh0ojl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGplEeKcAEcGy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-09_b4b0f4edebab3d2fb68db1d7b1319bea_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-09_b4b0f4edebab3d2fb68db1d7b1319bea_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0D7CDE35-3EE9-47bf-AC47-BA601E34AC5E}.exeC:\Windows\{0D7CDE35-3EE9-47bf-AC47-BA601E34AC5E}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C4145B38-6718-44d4-B5FD-33D1C3C3FA30}.exeC:\Windows\{C4145B38-6718-44d4-B5FD-33D1C3C3FA30}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C42BA89C-FD1B-48c7-A66B-176F6CC3758B}.exeC:\Windows\{C42BA89C-FD1B-48c7-A66B-176F6CC3758B}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{80642CFB-5B07-4a36-8C18-9F30D00B1B84}.exeC:\Windows\{80642CFB-5B07-4a36-8C18-9F30D00B1B84}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7613DCEF-3B79-4d8c-A4AE-DD27FFED2093}.exeC:\Windows\{7613DCEF-3B79-4d8c-A4AE-DD27FFED2093}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0A0F66EB-8218-4134-9440-7E0536AC4706}.exeC:\Windows\{0A0F66EB-8218-4134-9440-7E0536AC4706}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A688D7FD-FCF9-4cec-B7EE-239984FFAE8B}.exeC:\Windows\{A688D7FD-FCF9-4cec-B7EE-239984FFAE8B}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FD2D2BD2-117C-4ea6-BC4A-68ACBD0E4EBA}.exeC:\Windows\{FD2D2BD2-117C-4ea6-BC4A-68ACBD0E4EBA}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F82C359E-2EFC-4067-8348-9AD951A11DEA}.exeC:\Windows\{F82C359E-2EFC-4067-8348-9AD951A11DEA}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A5F9BA72-6221-4298-A6DD-9E2D72643C26}.exeC:\Windows\{A5F9BA72-6221-4298-A6DD-9E2D72643C26}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6D2EF0BE-0C09-4877-B12F-1A9BAC11CC9E}.exeC:\Windows\{6D2EF0BE-0C09-4877-B12F-1A9BAC11CC9E}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{618CA425-0F6A-463b-92A9-9AE3E1AB420B}.exeC:\Windows\{618CA425-0F6A-463b-92A9-9AE3E1AB420B}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6D2EF~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A5F9B~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F82C3~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FD2D2~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A688D~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0A0F6~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7613D~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{80642~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C42BA~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C4145~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0D7CD~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD5f90aa0980438a2c8641913ea8ea4968b
SHA19c71a6ef24e7084eee06e7d44f9cc79bcd0cd3a9
SHA25639e76282042a4b17a3e3134f9e4eb4d5a221e16db37f6950ed0c63ae7a112897
SHA512f1e530aba09ed00026a491e857f3d95314cdd1524f9d1ecd68e38b05a467347c91be75bddaea3417356c98a2098f074731a4ab17112a09ab7a111ceccd2737ef
-
Filesize
216KB
MD5b06e40d1cba6d87b44e03fddf094292f
SHA1226cea2bb8bf48c402f9bd0de58054582058e699
SHA2569630239413f0437b7a6165264b6489af46dcf0fe935b20f053c90502df3678a5
SHA5124e18319cd432ce2802e0346882b96818bf3ea3a70a3884dccdcb64c0c321c73625bda2451d65a51766e8f128126a7ee875abc476ef47aba10dd109266749d72e
-
Filesize
216KB
MD5566e66aacc935670be29270ecd138f49
SHA1fa8528bb04a3f682524df5b295a40e3552d3d1ec
SHA2565cb9fa54e30abe3d83f17355b95863e024bc57374c63a5c5b309a6da880aa776
SHA5126ad61bbe2d4f9f4da3c7183c44553c97532262f2ca3b88b8542cfdaf0f84ebc1272be88f581feaf56c314d93a37443c6b87b2a6ebb5b3d9a21d3d63194124704
-
Filesize
216KB
MD5cd9fd8c4f2f82c052b8a472e800dcfb9
SHA1513831e505fbc9b4369ed5166edd2db22316cc0e
SHA256d79900a4280a3ca2e3589ffb4c1c45c74ba9ec6de1e926015ce8cb1ea08a0384
SHA512b69f427871a6f66c8c9e83575933ce5d7d1f12df271b7034a7bb0842a1ba296ba8620bd4d3ece1b4e75d48ceb701355337e847eb050b2aeb75f081186f625bc7
-
Filesize
216KB
MD571e9792d7cb4a5aea0597ab660d1d0ae
SHA132800b6becc3ebd0d45317bcc41181cc000dc8df
SHA256894d33324f673ecb8f5c3ede77ccb93333b53fae1f93c56d846b5e3a82f82bf5
SHA512ca94f2b967b60d4908dbac533ca581fe80eca90f1e38f6d91a0abfd17eaea244d60ec6ee261a8a600e2d2dfbe5671fa857efc54d06438486b6ef9a0384c13c99
-
Filesize
216KB
MD59a7d7c86c90b84f26fd92909105e194c
SHA11550f161408cce2d5f4b56da2931d6f7e3dca15e
SHA256e150d72cc38e0a593ce912cdd88e89218993fc51c6ebea88aec0bdff3f396d6a
SHA512febdb462e4a62048d3b8206efd28e213687a2cf8c9a9f8010fa506a35ef154d1daa5dbca326db7b6ebdd2ad7733df7473f30be53d84d314a7ae48b6c5fec725e
-
Filesize
216KB
MD53e1e1b0465347f7cf62f4671e5cb81fc
SHA1380eadb85fd656df53df8a4b5e5a0ea243e69eff
SHA25626f26682bed6111fb06040cd36c5139004daf89aefc89a84fad382e50d3a24e1
SHA512976eb7a1f48d899768efc904a4be13fd03a5a3d27e147d76a2f061d224bd6fbf06483e1643c538ebe2e64a400e1803e2c7e3e0e02a4b99cf49a2aa5147c94014
-
Filesize
216KB
MD57b1adc2146c6c7b08485dea0648359e8
SHA11cc2f77a52c41111fd5e5be71962e86a6f17667f
SHA256b32e0f638e6bb7faa9ce8811be2e698d9c3b3adfc23428f5e46cedbdecc47dda
SHA512335b8bd8623e48ff5343adeb44ea5d040af021bead72e52fee4a0b80a8479ecf47b9fbb922ecd61e0080dba49a300ce565b5b99d22eec9b578ac9f87ac696476
-
Filesize
216KB
MD5cb6e10dd6fb018a60127527c0cd1443a
SHA1344e0c94886d4a7f3246b471be09b42f0d87868b
SHA256e35a64bcc49aaba85133bfa83fadbf70434de1eecfd54f84c442f394feb0187c
SHA51226a9110096017850436b987e14a1a6a63c7e90651e7e419b49ca6f948c7e715c49beaf7434ce82452cb7544ba4922cf34dc441360b768eb02c453f120ae86421
-
Filesize
216KB
MD542262331e6f1144650bad734ee99c20c
SHA15d3d72e842c8ef3309cb317418a4bb8fd7d791a3
SHA256d1f795ae32759a238ed2f855dbc2bc25081b2bbdbc3ecbddfe0e1a6637935b64
SHA512e5099a6b039f68f42d0db863fe3329b7cf2507e5348aab71458ad5ffcb189314d83d1141d8e54017c837f4a810d41932e961509f20ea8e42431814adb88820bb
-
Filesize
216KB
MD59abe7de1d69fc5040a5640bf5f8405f7
SHA16535c29d40e3dcd0d7377978b9f94d6819bc1c9c
SHA256ce75d07a3ac037f77652aa29233ab89ce0dfba35b9d77713a86f70aa0894aff0
SHA5120cf1f40dc779603d21b53eddda5fe27c40be682b9bd45927a832bc5c3becffdd5f80323686603450c5d396dfed09218d03725f4c63596376be22b607cd7bf8cd
-
Filesize
216KB
MD5fd2d856b06ad22b700b26fd6b4e54056
SHA185b9d1ca9f7c8f4e11ce40d1a166973387f28e52
SHA2561650806240ec3a08c31933eea5641fc3d945d673b6dce0e6c8029bf28c626e64
SHA5127bb34154b332755b995c7856fe6c5b1090bc70b1eef1a18916d66428d95a916e8bad09cfa7e2c18b17a4f9ddcee53ff70058e083c2b60cdfc3df9059228aab5b