Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
19/03/2024, 20:05
General
-
Target
2024-03-19_fa4301a16165c5cd3a6275c547ca7675_goldeneye.exe
-
Size
380KB
-
MD5
fa4301a16165c5cd3a6275c547ca7675
-
SHA1
950e1658d21f74ac82a2ce09301b1bd5d6c97fcc
-
SHA256
daa49dc55d68c38fb3c115ea7ec306738559794f79c982ba75739baabef556c0
-
SHA512
7c2eb8038a5e9c7d5440f1802da359e1001490cfdd67fc80cdf11a5ccb670bddcad89e61864f393bc47420c2687d92f6a44677c423e13f205e2b5dff35bbb57c
-
SSDEEP
3072:mEGh0ojlPOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGw:mEGRl7Oe2MUVg3v2IneKcAEcARy
Malware Config
Signatures
-
Auto-generated rule 13 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-19_fa4301a16165c5cd3a6275c547ca7675_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-19_fa4301a16165c5cd3a6275c547ca7675_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{81603489-E428-486a-8547-24B2DB6F151C}.exeC:\Windows\{81603489-E428-486a-8547-24B2DB6F151C}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2DB6E8A6-05B7-48df-8C4F-2CB1A48C1679}.exeC:\Windows\{2DB6E8A6-05B7-48df-8C4F-2CB1A48C1679}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EE38B81A-00F5-4e05-BF58-6883218AE0D6}.exeC:\Windows\{EE38B81A-00F5-4e05-BF58-6883218AE0D6}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{727019A3-8FA1-4396-8101-F96B4F1715F3}.exeC:\Windows\{727019A3-8FA1-4396-8101-F96B4F1715F3}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{70566EF9-50FD-4e6b-98B9-B82F39C4E04B}.exeC:\Windows\{70566EF9-50FD-4e6b-98B9-B82F39C4E04B}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{29DB7AB4-3463-4420-A641-C33AD6AE0B0B}.exeC:\Windows\{29DB7AB4-3463-4420-A641-C33AD6AE0B0B}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{77A96EE6-112E-4327-A530-7D8022A5EFB0}.exeC:\Windows\{77A96EE6-112E-4327-A530-7D8022A5EFB0}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E64FE89C-0AE6-4f76-8605-B73555A262BF}.exeC:\Windows\{E64FE89C-0AE6-4f76-8605-B73555A262BF}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{14083198-91A5-49cf-A2AF-75827921B97D}.exeC:\Windows\{14083198-91A5-49cf-A2AF-75827921B97D}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8CEE3595-1E92-4e6a-9247-F89425633537}.exeC:\Windows\{8CEE3595-1E92-4e6a-9247-F89425633537}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5522B939-D45D-423a-9395-1581E8030207}.exeC:\Windows\{5522B939-D45D-423a-9395-1581E8030207}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{A896ED07-451E-45b9-A6C9-47ADC27FAAFF}.exeC:\Windows\{A896ED07-451E-45b9-A6C9-47ADC27FAAFF}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5522B~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8CEE3~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{14083~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E64FE~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{77A96~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{29DB7~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{70566~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{72701~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EE38B~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2DB6E~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{81603~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
380KB
MD500fad2fa33e6293ddc879ccc5b3634df
SHA159dba52067a7f72d80c49cee342b8287e60389ee
SHA2563f901c83fae0ea8aebe4e52476c9b8addca81459706f345d8a2182ebbe373ac6
SHA512f7e95d3b98395923a8d646e7b113bead4e713ad03739363f67abb95a0b4b3494e06d55f88a4e5f374a65d5f20c86ae5487047496a9aeaa8dd9e9112d15b0b4fe
-
Filesize
380KB
MD5a7ff0d76acb4cd2dcb993a89b0700416
SHA100b34654e62f5a7169fb14a3a39fbff69209a23b
SHA256e84a6d2917f72c5d1f955d6ba5cb12eed06e4d8418968fef189e87a01b2f7370
SHA512fb8fe34ad1d7a8d75f270dc5e4fec6271654937b370a6fdbffa4b85f28e6cd001b73005f89e57721b439611be6b70f3e9c0f2a3c0c735232eb2657b731e4775a
-
Filesize
380KB
MD5427b7c26f562f7d38ffec41e9587ec56
SHA14d6afa4e0bc18531527ce399eb68347716369eb4
SHA256f1ee3c3f872fdea0bc239fdd258462cdeee7266b151110ec623637ec35b93d3d
SHA51214e8179f0ea115a1ec8bbda750ef2cc83ee996088d44018964c2cc0fbcf49f4d1b8c5562375c9fda9dcbb4192940ebef8b68a2059da1a075502df0b1c3def259
-
Filesize
380KB
MD5c88d2b0d99dc7bcf0a5cc98814a3118b
SHA100c24a53938b3a7cb2f9e270f57e2f5ceb3448d9
SHA2563325933d7fb921fc82fb3feff77520d95faee52af1552329fe501a865f6f80e8
SHA5124deb659bff45d55d6a696f6ce8a6cf0e4f06643061a95df6d6052c6692d1cbadeb0923bce2604b2118f316c4c7abbb3b43def653cd2f3e3384d4360efcc1011c
-
Filesize
380KB
MD58e8a36c19e8654572a45e47fe7cec4c1
SHA153be4ee240282379e8eb98cbb85842c4dbe12bc4
SHA2567f6cbc3c8e4308c1cd9d56f8e393e5a6e7d8fc62de35df3d04eae9157d3ebf09
SHA5124d89d7bbfc771baf6a0e43228dfbfd0662b35f47902521799dee4f63ba7022d0909b919b4e8de71775f5cc6fb4eb2a67fe55b01bf66f2e9a709f03e1554bf81c
-
Filesize
380KB
MD5a9e8bd1f83b0ad9fc8ab3335d031dbc8
SHA138d470f311acc7018a8ed55a04ee41454d1496ab
SHA256979d3bbfbc6873cd8c9741961eb503534d08517fe23a0ee4a14f5765db11734f
SHA5124fdbc9e18f1654c7d1994afef8f0733f01c3b424c320242d49c65adaca36ccbc625b0bd38694e5330eb5bec9ecd05ef5544cae0d4212fa13bbf42dfbfb5ec2dc
-
Filesize
380KB
MD58f51257b3b3046c7ab014191e84de639
SHA1e74072efac70c8fde1c0bbe599706b3169575980
SHA2569ccc9b2cd103c3941b3ae2148574b54a719d2d81638448b940727cb4c035ee8b
SHA512a93015eb69d9de8988c4f2ca50265015064147081fe46c38af62f3f5cb608ae10a71f89ba7d6f28fa46fc3562fc3d3bea4cc6543083ab43d1a899400b08556b3
-
Filesize
380KB
MD53be6723059920582cdb49c66d4150a19
SHA183d1e10b2efa6b2f0bfbef53534c84cabb9d66ad
SHA256112794d97439b29db501f9f577134ecc5654d913173177dba477dadf37c388e3
SHA5120a25dc09f8eae8f198f7d4759d02824f4a19d2c465a2c4b41b44ec43e76d0ca0852035276f6309e0e5dddfa97d5c972cbe8822e8fe0ac6ee4dc92d2406d6c16a
-
Filesize
380KB
MD56a858bcff55268fc6a26a59b579d7834
SHA10496b16a9a38ff888d085c7ea0dfc275f56258aa
SHA256bb552a47edb7a18f21030bd0a082040905eac4cf3e098a2297a8a3b56ba52754
SHA512cebbb998a2602202d31d2dbd31157a9d66aa23547ed8b72aab81c623bcd4da544b32adc89fb68fe24567c9f04bf24febec9923f23a6a09a44d45a4ae2deeca1b
-
Filesize
320KB
MD59036bd8c611459dfe8a048d2ad4f17b9
SHA12ccb062cbf351bdd3a3ff659867dee6cc23bf395
SHA2562660f9d4931efefb665e859c3e76e82514cf2dfe989e14cc1ede3b6e4208f40c
SHA5125972312fca86245f803768514a7652890baa41b06fd80d0dc94ccd5a712abc479589582e62ff671f5817600d30194379592c6dc20934ead0ff541b6f1be5e560
-
Filesize
295KB
MD5042417779afcfed7975ca5bf40114d41
SHA1aa29c0657449754dae3313459aa99c232a684bbb
SHA2568bd50d90bb2e43da47ff4b79d416d48a786e80542909b1379077173f99985be2
SHA51299fe3ca5894ba45f1ff3e35ec2f824b15d00413a1ac613520ec016e6862f2a29e38459ef65d854e5723f94feb983d764b67f106aa1d23e9348bda513f81bb451
-
Filesize
380KB
MD53fc45e83dd094eb2f0861f249ef7feef
SHA118352ef37b60640d38edc732c186bfffe5b136d1
SHA256eecc513103a62b39e9759fb9275813b6f4e16eeb2abfb9a396e1dde31f7f9fe1
SHA512ffe871b135d0676d1f5cecb19b53e466804f3b4684f3625ddd88ebe96e4ea95350f6c2f8bf56221449322de8b24089cd6b15dc44b6dcf6fa4dbb3e2e3c27400b
-
Filesize
380KB
MD5a8d6aadbf5c1a493d19cd3ce06d11ce9
SHA1f091e6bb962256d1fcd5ef30865225aaa4905dd8
SHA2569890c6635e1f8e92cad6d0866db0c4c71c28fba7ad00cc34f8e2996c1d0f7a41
SHA51279879ac4fd53de04f553354f0fca8a8385cc322d78603c641122fd529a37509fa6f8e05d50c067ccae01d25a70f2d1dead9b4652808d69020635bd7a90df4906