Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
11/03/2024, 15:56
General
-
Target
2024-03-11_c8bc285f35c91a77248b8e72a55ba361_goldeneye.exe
-
Size
197KB
-
MD5
c8bc285f35c91a77248b8e72a55ba361
-
SHA1
4e44a595d70904f3df0437975dd69e3f1c56cd7a
-
SHA256
57da17059273f69b9642810026b1c49842841238341c3e946ed1cb03b3d88d3d
-
SHA512
73b4b9de9aa7bde9f7b0841cb35ec536ada22c77db8da54d8be18fb3f314d2fed6a0aaa42ee0d3235a28e31b3ba17b35b8d0274e3bc6cd86cde254fa794763c7
-
SSDEEP
3072:jEGh0oCl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEG8lEeKcAEca
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-11_c8bc285f35c91a77248b8e72a55ba361_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-11_c8bc285f35c91a77248b8e72a55ba361_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{13532FEA-DB9D-469b-9D25-748BD88F3218}.exeC:\Windows\{13532FEA-DB9D-469b-9D25-748BD88F3218}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D1AEDC0C-48CC-46b7-815E-2E9EE3414E64}.exeC:\Windows\{D1AEDC0C-48CC-46b7-815E-2E9EE3414E64}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9B7E24E3-4F1A-4ab8-A0AD-F97FCC338D35}.exeC:\Windows\{9B7E24E3-4F1A-4ab8-A0AD-F97FCC338D35}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7A826313-18E6-4d06-935D-779F8A18C7D1}.exeC:\Windows\{7A826313-18E6-4d06-935D-779F8A18C7D1}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4512E125-703E-407a-9CEC-A4E62EAB296D}.exeC:\Windows\{4512E125-703E-407a-9CEC-A4E62EAB296D}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{48D8226B-4422-4a9f-A9CF-EFCAB19C3D31}.exeC:\Windows\{48D8226B-4422-4a9f-A9CF-EFCAB19C3D31}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A607E3A8-70D3-4389-8E7D-60599FF241BF}.exeC:\Windows\{A607E3A8-70D3-4389-8E7D-60599FF241BF}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{73A97413-D798-4886-BBF3-44F5006BD7FF}.exeC:\Windows\{73A97413-D798-4886-BBF3-44F5006BD7FF}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D26BF2ED-BEEA-4c65-B50E-6501C05830B0}.exeC:\Windows\{D26BF2ED-BEEA-4c65-B50E-6501C05830B0}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{825BD18F-CF2A-42f1-A602-6A6011E3D69B}.exeC:\Windows\{825BD18F-CF2A-42f1-A602-6A6011E3D69B}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{112031FA-C41C-4520-9BCF-A106BE0F905D}.exeC:\Windows\{112031FA-C41C-4520-9BCF-A106BE0F905D}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{A3D1F753-ED8C-490a-BCAA-66DD64BF308A}.exeC:\Windows\{A3D1F753-ED8C-490a-BCAA-66DD64BF308A}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{11203~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{825BD~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D26BF~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{73A97~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A607E~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{48D82~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4512E~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7A826~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9B7E2~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D1AED~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{13532~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
197KB
MD5a48dd4d6e6bc221c2c36c7d7c17a54ed
SHA15d7e104d08cf9dea3e4279d73ed2d1abc551a098
SHA2569a1524c87cd72f4a86bf3918e07cfdc219a8595f101635becaac31520bd51f24
SHA512ecfb5700cb419f0553c5627ed6ab0e060226a1e36daffecd53431ea8fe3779dd7fedf537a78f8a593e6c43bf5f7a1a10686f692fba149e5411175789a3c818dc
-
Filesize
197KB
MD588b4fbd038433bb80af3392ab7b44deb
SHA1a185ddcc04935ed865f29e4d6d74fbe66072ed54
SHA256dfdd586ca52bb30e85a41797d97c2306bc247543f1177792f21e24a17c8c3e39
SHA512713a0de1861d067cf9cc316f3434ea10437798597329c8e145aa39a055d2e32b2bbac4395472a7161d085299d05ca57241c05f2e0124ed2507218eceb0bb39c5
-
Filesize
197KB
MD5208a95b35ffe0f6412757b265c0a0c8f
SHA1acb13b626c231e8179e7d667af3d6906a2b87f6d
SHA256161324e5e1ea6716083c39fae152c73970cd379f68945800f47dcfc78b0a3ede
SHA512ed5f5cda51a8cf1adaa7e3bf7e8b231352db18930eedd19be3c1081ba86387ddace7123e35d1f91c94bcc2e6e29f66f97506f71f77efd75350fe868e5128e136
-
Filesize
197KB
MD587dd5022a4f926f9e2b2b0c696fc48b8
SHA1c7ae4be974361639934b7fe6003b0797a307a810
SHA2569814e53ee2f5d6ad0dfdeaf08f5bbc2c8800d23521d22069e1fea9f2bbf034f2
SHA5126756f9c74928b3e884e84a42dc02db66c355d4123853a6b9c85082cda26ea525a5f550d6e2fc713d762aa4a0b96edcd605d8e9885d0938e98cdc9068465f7147
-
Filesize
197KB
MD5c7230aa5838b153a0bf69d4e75e7b537
SHA194d337f9b7721b732fb6004b5f0d57565c693660
SHA256aa2a74a58b6ca28a4287c11386f98edd84244e993b50dffe7777f1a5f149a93f
SHA51230cc2c2005ea758f0524df0b521f82f7dd394bd125644cd2f2910a2f9fae39f17617da50e81f4c6194bbe9d68c3c4e0f3e799d96aa9cae8d7bbba09a08822cfa
-
Filesize
197KB
MD577d78d58d71d3f0ec387cebbacd51100
SHA1ab644c55ae018ff084632d037d4b94ec77cfd208
SHA2562924f06368ec63c521f3f85a5c6d558e20b3a736570a856b6dc66ec4bc644e8c
SHA5124817ad52921723314d280f1501260365853325bada22bc50d6ab4a67dac894be6cbbf6ce9b381a11c26cc82e57999fb156631868f5e9d66f28682c227b8d8ee8
-
Filesize
197KB
MD508bcde69abbd6c1d6bfbe2573c454c74
SHA182841462d8c50976499513d945f9fbd4f0de1270
SHA256d08d6c3a9d53df22d7ca54c2ca4c56283647cd644c8195401d1e21b8630d2b17
SHA512000b16bd368613c788565e320a5d299e3d92f8fdc95479642316a63546320d03ce9de247495845485fd98a271f2f2d93b20c1bc43d07130613d26324b667b0ea
-
Filesize
197KB
MD56b5f858af0812e6956b293d409e4a884
SHA1a6b35ecc552b8374dfc9b2d8c75676a7df23dfa5
SHA2568e32d2c9e2c74db6c1c30814fa7bf5215f22e62f12f92f8c6389d72cf166019a
SHA512b2978620161d6b0e0b3dbd209730c594d7c6b966ea6efa9d6af67a038e87e315542f1f1ff8ea075e2d32e22f07c2c7d63cf4d3be9f7fa5b3f1fd0d5db90b60db
-
Filesize
197KB
MD5b172046e9f5646ca2d6fa84cf601d2b8
SHA12c119528daab2570cf551c4662998d1f6bd65c09
SHA256d5c779a8544264e6064afe3d84312a051d37dbc24b9dadae4c160ec19de3f119
SHA512fcbd4d13f4b70541feec7f00d3d84f11748872f5121a89f7488b9187ecb470d6beed9f4472f8bb760466c81dffc058223cdf553914b9281d8203fcc0a311cad2
-
Filesize
197KB
MD55f9170f83caf17f03608e718479487dd
SHA19031ee239036cefea160a1d56d0e97928f6573fb
SHA256252387957ed8e97e070abc05576d4d6c2635de5de0bf06c0cbc6827d76673b84
SHA51255dae20426d8862492ed0124ce3e57d64ff91c9443739c6db5dc127c20cbcf0cb26c5700d3f97c5f8eaa1fc24f5f5012f3a1f430c8fadc909c05f7ad02b1cf27
-
Filesize
197KB
MD5ccb3e3e90c4b620fa9d09ebc1e63c549
SHA16554dbab14084fc730018e0f65eb5a112a1bf1b7
SHA256d0956873ffb6f28c4349ae0c96009a4e4f97cacc446f65b4f71cdf06080f799e
SHA512f48b8abe4e56e7b4726aa192d5d807565fef98e14d06ddf7029722dcc1ac4e6e8c45518dc42340cb40122335964d46d4840f886f2bca22f7583dfaca085b4804
-
Filesize
197KB
MD5a19df3f1dec0ef70a634841bd0354b7b
SHA1df15151ef471625670374aa43906298a9eb3a566
SHA2564ba76859faa76b4fab9d718d0062a702971cd57e577529f3cc6856324786f898
SHA5120388978a8580bf87295565f31a592b248ce0309740a97107b3564ed3a6582b749b546f7ebbd7b48199fd8a81e33df373315bfd0af6bd9fc314ee5746369bbab3