Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
09/03/2024, 14:44
General
-
Target
2024-03-09_cc5a1c532eb5a0ccb25653297c2444f5_goldeneye.exe
-
Size
168KB
-
MD5
cc5a1c532eb5a0ccb25653297c2444f5
-
SHA1
6e69fcd03a445b419c6128d51032e6cde424f1d5
-
SHA256
e6e6d6da5d85e09e11f2a2b27e2224907db538b65a0c5cf4f291547bac676db8
-
SHA512
97ab023b38cc5d7d84ce09b44da443f821a4aa91ea0e2b4af80979a2a606eacbf90872bdd71e30c8cfd2ea5e4e5b700a71e7172216b1a0a37700d238efcd1be0
-
SSDEEP
1536:1EGh0ofli5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0ofliOPOe2MUVg3Ve+rX
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-09_cc5a1c532eb5a0ccb25653297c2444f5_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-09_cc5a1c532eb5a0ccb25653297c2444f5_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9D8CB081-B11A-4cde-8AB2-1C428FE99D5E}.exeC:\Windows\{9D8CB081-B11A-4cde-8AB2-1C428FE99D5E}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BBF1956D-B7AE-4e7c-84F4-CB1299B43CCC}.exeC:\Windows\{BBF1956D-B7AE-4e7c-84F4-CB1299B43CCC}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B18E63C8-13E0-40b0-9A32-39A445922BFB}.exeC:\Windows\{B18E63C8-13E0-40b0-9A32-39A445922BFB}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{61B2ED1D-EFBC-4116-B6BE-C8477E61F163}.exeC:\Windows\{61B2ED1D-EFBC-4116-B6BE-C8477E61F163}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{42FF78EC-0D6C-4176-AC07-2F3E84BE1371}.exeC:\Windows\{42FF78EC-0D6C-4176-AC07-2F3E84BE1371}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7C9BEF63-C218-4459-AFA8-B987300B65CC}.exeC:\Windows\{7C9BEF63-C218-4459-AFA8-B987300B65CC}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C3BB1EA5-CE51-4a57-9AB9-2689839FC124}.exeC:\Windows\{C3BB1EA5-CE51-4a57-9AB9-2689839FC124}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7524DF52-6589-4ce1-BBB6-FA3053635450}.exeC:\Windows\{7524DF52-6589-4ce1-BBB6-FA3053635450}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{16466435-065E-4c95-8429-AA4AE551F525}.exeC:\Windows\{16466435-065E-4c95-8429-AA4AE551F525}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C7CEF30D-CE4A-4ad2-BE1A-30943B42883B}.exeC:\Windows\{C7CEF30D-CE4A-4ad2-BE1A-30943B42883B}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7201B64A-1296-4477-B359-9A82BAB5DE6E}.exeC:\Windows\{7201B64A-1296-4477-B359-9A82BAB5DE6E}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C7CEF~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{16466~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7524D~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C3BB1~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7C9BE~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{42FF7~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{61B2E~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B18E6~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BBF19~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9D8CB~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4004 --field-trial-handle=3084,i,11997299123381683778,5904351605020331957,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
MD589cae170294038c4de6cf8f94b0e0d03
SHA1db0bfcf33e3d14d29658ce35f4e4ca39a3a98f92
SHA2565420f6f0ba7bb2abdff30110eb14da74ae653c96403e98bcfb7842bb336401b6
SHA512fa98377c2081cdb3b839e6f881f564350f4b6a64072207660fd143c9aa2add45a9ed0e5c6a27620bb51dc1a0ae90ce833b55dc5bf71323618d909040fb9bc703
-
Filesize
168KB
MD592278ab3870207bb624d8e6f2eb08cfc
SHA1e1849ff7aa521b96635cae3712467f3fd0e03343
SHA2565c8a7279f77f0ed8e25cf577edba540762181f6d778977ad1cbf9d363a762c98
SHA512d31993011c09a3cc7d42b78bc4e74a286eb0aa462d0e321a66607bd64e04c04b8853f94819a03291dff3ffd99a2fe30160f4cf96ec9fbc5a8c44aed2fd9fefb4
-
Filesize
168KB
MD57770eaddcabe771568caeb8f2b7daa19
SHA1d9d1794c30b2757ed98527e603e1afa10e33808a
SHA256d1d8d9e8fe885889029cbe10117e651ff19914e631dc7beb663edfd08346713a
SHA51244b7071c3aeaa03e334609b036478ab3df9b7a396b6e099a7e9257da1e917240ae1f9ccc31ab320baa073babefe26145fef478eada4b59a491c67d89c1f88625
-
Filesize
168KB
MD55fcebeb99e042c6d512b603f025cb406
SHA1aebc30c9e0a2889eb3aa4f953bd7478352254377
SHA2567ce5cbd5ebea5f5ba4e433c50013ab8c531fe99dbe91cdedc0aa8ca606c02c1d
SHA51260d68707e4c504772ea36d4c156ebdc60c1a73ceb53e55cca2bd5998f61f039f5d3f383f5f25116aeac07018bc3a97ec629ae157408268d3587318e38f1c8ef5
-
Filesize
168KB
MD5ba66932833bd3b9dbf63a49115f98203
SHA13cc791176db18cc0c38851084b852ba8aa3ed48a
SHA256372531f44aa870601be4721a69b2e7880321d77594ac543fc405117c1057c70c
SHA512cedd4bc58ac06d1fbfaeeedf671740eaa475fdd36d6aafb7ec1965e037ea997c3222f51f6f3d5b6505e28eebd426ba8d56b4bb257f4bad90fb74335fb90cd89e
-
Filesize
168KB
MD57bd84514d1d0d25e3c9bb8e252277977
SHA1e7c573d101965fc9733e71a49848d57b906b8553
SHA2563197cefbbd0a299ecde65be259bf63376e31c13b43143ab7a18feacda573f608
SHA51204c61f23ede5cf1d1b2bc67bcfbfc485f82243340f01cab9769d5e0ac81a71c53f6a3c2bef2bc8f89e83fddb527c11d87ec6a4abb25d03720c66c5b6010e818c
-
Filesize
168KB
MD5a5cd4f38633d5997265fe951fcb9f331
SHA1a8327aef2fd7de8ee482cf42af6c352037086ea6
SHA2566dd37b77be8e151a778487b1974a0da03a77126c39873656318007b157df14ec
SHA5126fb26dabef762e096fde960d8977b807db2013897ac5a47ff392b79c51f468027091c695cd989bdf941217f3a8588ff4555259eaeb1746de408bef0306c2b70e
-
Filesize
168KB
MD52305c3ab4e09e4d4c8a291ea18596c46
SHA1d83e910cc560b57b29420f084b2dc148528291c1
SHA2569447984e66bd49ca72269687343a68765aea544c426553e2d82f450cfba1a1af
SHA5121baad5b6ac75c7192537e2e3aef4d31d267c8fcd1ec687cf4856381d67c7bd11821f50a2e7a7d7375d4b2b0c136e29588a1a853328bf0b800373ddb0b8ed7177
-
Filesize
168KB
MD51900c7c5ba213ae3815405c6f03c6d89
SHA11f019ac05816fab2f9111fddfe078119ebf2e04e
SHA256b16e0927438f505b6f67d2cb642731d3559ec8a452727b02cbc689f18381e6fd
SHA512a0e7eb6c7d98caecf7a9a0e918191cedc9a69c24cc92bc18f10c9c9fc40cf6403fad778bbae0faf9cbeaedb2b09b3e8e57a7b661bbf4e4681b8f3d7a5c233562
-
Filesize
168KB
MD5bfd7a5974093e3c4961d287e36daaea3
SHA14d9a92a98e9d48a53398bacef7f11056ef65b6cf
SHA256422bbce095d2947bba6876cec942db0e3cacf7a038ffd47d440da15ca94a11a4
SHA5124b5146153ee4cc6549b9b9b0526400b7965e832b3a87226891ba0f19c2d75f4261c39fe7552448d6918aab29ff8dcad9942faba58368d2518ae27463647e1a05
-
Filesize
168KB
MD5423f8fd0b824f2ab2f18e1e0687de46b
SHA1b0a6bd6ea5e4fcbce863d0e60d3dc20ae73c2126
SHA25649cb9836bfd7d94aecb71dabe76174044fa7ebc5e3a1d8dc6ef352cc1223c35b
SHA512f370a6b34b2b124dc0b3d7ece9f3a0ae4379512dc3f1e0c2a9aea7f7a0c0bb3cb6034e3b8a43d156cd2af614785ab6ffa2afe24c6f100b24c6def4ae10a811e2