Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
26/03/2024, 19:51
General
-
Target
2024-03-26_6f9f5e208dfe22443b65c767fb43d0d3_goldeneye.exe
-
Size
372KB
-
MD5
6f9f5e208dfe22443b65c767fb43d0d3
-
SHA1
c7ea8004cf48461d7c44be775776c4bd0c720a56
-
SHA256
aebf5805369fca9f8dd91f47ccd00c44fe8a27aa853acf4fefd5ec3304bfbbdb
-
SHA512
78e0032cb78789000a9642a8215218a3a50cce62baa92c5b1d03b142c9a5609336ff3e2b47395e496f47747cc3c16ab73f91913c1baeeff92b927aa1465b3412
-
SSDEEP
3072:CEGh0oclMOiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBfM:CEGmlkOe2MUVg3vTeKcAEciTBqr3
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-26_6f9f5e208dfe22443b65c767fb43d0d3_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-26_6f9f5e208dfe22443b65c767fb43d0d3_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{06383D75-7564-467f-9AC7-B167F3DC628B}.exeC:\Windows\{06383D75-7564-467f-9AC7-B167F3DC628B}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F8BFD8ED-F885-4ed1-A0AC-CF279F79E4F0}.exeC:\Windows\{F8BFD8ED-F885-4ed1-A0AC-CF279F79E4F0}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{88BAF3C5-65B4-424d-BBD2-113D2911CEF8}.exeC:\Windows\{88BAF3C5-65B4-424d-BBD2-113D2911CEF8}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8E8BD7EB-DC28-4a1f-B85E-C9384014208E}.exeC:\Windows\{8E8BD7EB-DC28-4a1f-B85E-C9384014208E}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E41B0FCF-E503-43b7-9AE4-D4111D09F5F6}.exeC:\Windows\{E41B0FCF-E503-43b7-9AE4-D4111D09F5F6}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{92B18BB3-909F-4c77-98B9-1814A448937C}.exeC:\Windows\{92B18BB3-909F-4c77-98B9-1814A448937C}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{048D8B35-17C4-4f8c-B219-CC28324AEBAB}.exeC:\Windows\{048D8B35-17C4-4f8c-B219-CC28324AEBAB}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
-
C:\Windows\{F4A28CE5-9D10-437a-893A-10AC3C6F0E3D}.exeC:\Windows\{F4A28CE5-9D10-437a-893A-10AC3C6F0E3D}.exe9⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FAD8777B-FC22-4be4-8CA2-EFF978B0F5F9}.exeC:\Windows\{FAD8777B-FC22-4be4-8CA2-EFF978B0F5F9}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6724FFAF-702F-4251-A64E-070B7C68D48D}.exeC:\Windows\{6724FFAF-702F-4251-A64E-070B7C68D48D}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9C0CDA6F-62F4-458f-A041-2DF65F1642CB}.exeC:\Windows\{9C0CDA6F-62F4-458f-A041-2DF65F1642CB}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{02738283-4E57-4685-963D-F4234DE9DEFF}.exeC:\Windows\{02738283-4E57-4685-963D-F4234DE9DEFF}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9C0CD~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6724F~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FAD87~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F4A28~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{048D8~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{92B18~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E41B0~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8E8BD~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{88BAF~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F8BFD~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{06383~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
372KB
MD587c313a017f4ad0e8d92d37cbda14c81
SHA19a2d07b5a78b5d719c4b41fb0548b8d75a4e00c9
SHA256a5b603c0a3f1d98fb076bf2640c6cb998f02bf65cc1e76f04192f42ee98c09b1
SHA512b175de064b9d99b130b37551bbb2feb9040187b17f81744ef8485083af9d5feb1d10010969e4abf9c54ae7b8750337d0d4639ee0be329af4147ef00bb19133c1
-
Filesize
372KB
MD5d448d3ed517445a2d2975bfacc0deac7
SHA116a28af292cb2d4497398f1d2e5da2a3b961af84
SHA256df906d917d9311289cf506e461616aefabdfa8b710eff5f169892f405ea7cfe7
SHA51298fed5fcab469f08ccb3507310f3e48a79a9ea2810867afec077c7b2dfdf29b5fc4413a0a5fc3b8865f628535c289b9780ea733c72efaa816504ee05aac9ff89
-
Filesize
372KB
MD54b1cc54e23ae6f9867baa2a10f4be3dc
SHA197b09d9757c25c04dce2195d3fa10e754dcfd7ea
SHA25676a365810ed53cbff48755c985f3a4ccc55a0c8d087f71d2acebc0e5eb6f29af
SHA51254f7a2deffc8c7c8e2f252a0cc784655f32bf4b80dddbb6b64215f59f0ebb5b34ac8e960f4b0ac63cd7dcc9b3579abb58072e3c5fbfee32394c4a5a59932fda9
-
Filesize
372KB
MD531f0e1260fad4071188304c1726bb5c2
SHA154107ea86ae23d8f0b5ca9efc741041797f40efe
SHA256ddbd97cfa5acb1b51bb166f80cb4ce75a3f862815b0537f2a48dafad4a216df1
SHA5120f9d87fe0adbc9a48db5d253277fe0d3b4f4c4cbf61325390de85d0eab21ce6c857c5ebfff3bedbffd0021620408b0387aa049226a985d80b86340c4f4e630ae
-
Filesize
130KB
MD51769604a9c70feb9b753e3126f3190c6
SHA16a76551117e99f3e88bb73a65d3e95f588cab44c
SHA2568f5878cb25ba0932cef7ca283591f522abe6a140ba6d9cc8ca67cd137384638b
SHA5124518979d0feb0d09203f3b6e135abb0e2c8a8c28993438ab0979b266e44cf38554f37ec525c2abdb47f8539891af405d55047720dbb91edb81aa95d9c67fb41b
-
Filesize
372KB
MD54cd4cca8c4859d2f8e2ff71a10ed1422
SHA15fb587294dd306ab44c39bc564399b7f5544d497
SHA256d1d5d5a0edfa03eed58673d6666d79beba1e8f068a663479a01fdfefcde607df
SHA5128f58a2cbeff3107df9c0681a3977efc220f4ca8cdc2e8c8459df3a879d822c405e9e249644347281cf9a06642a91a6df80879001e7a456cd86bdfbd253982e8e
-
Filesize
372KB
MD5d6f7be2edda6fe773eb0b79913e8bd53
SHA18737eacd2c31b474068b487985c93bc48b1678ed
SHA2563ba8a0a5c1ec96d0278491945aa0077489757a10b8ce73249ab90c4e94fd58e7
SHA5124613b48e23699841e8f92e1280b6804ab593a70a632e820e27771d4c1a0014ad818160cbcc335cfe857fbf9eac7afd1d370360490fc039f191461962278d3aae
-
Filesize
372KB
MD53abdefc47c8c5f9e1cff1c3b80c791d4
SHA19ce6b1c2877f39df908972b800a21305629d42ab
SHA256adecd2f5674f66550dbb22efba0ea42f9a4709124b688f1c7644951276f5ae14
SHA512043295bd24da7c51dc418ebd9bab2f75fcdbde766aa91ac62289bc7e3573c8b6906b0582d53a0d0772a383da8434715258cbba58349dba1becb44c080aff92b8
-
Filesize
372KB
MD5a9bd0cd01e33753440b2edb2a7dfb8a7
SHA19d0f2ebf8c68c6d2a7698f188a1a8f128535df79
SHA25670b303e677d3425c05f79845037187742ca0e1372ba32dfcb47d0128b37a45b5
SHA5129bf1ffec27009c15dbd81dd91fb7b39689f2c221a634b1e05bbd2fa9938462d352b8d24bc672054fe304268da662cac64cbb3d4240eb653645ffc972c4545601
-
Filesize
372KB
MD54c69fa15bf209e971726fdfe196644a9
SHA197f903bec3f0c56137f4b863cfc27a1abe38ba6e
SHA2565c33b82a7eaccd378ce1e0d1592ad4f6c6769a66f3aebed813244539b3e57107
SHA512ee9cc3743cf87d1076a2914e9006cc925e7a0f3c035f25d52265c973be977685d36ce82f5666ae4b2cfbc76936082f72808aebae963be1226bc9b7d60945886d
-
Filesize
372KB
MD549d5e05f5068c8636fedacb93cf379b2
SHA1584730e2d61176b5e66aa0128b4007909d4a2bc4
SHA256249f290b53ab62b551fb6739c0084db463daa44003667771ad1e5eb6835230dd
SHA512130a4357474f9baaf7981a2784dad67cd80ebae6ae3dc6dae9eb2ddad9896c7ee0ab99ca9dbff771207308255dd232133802cd0f298a51e076498250bdc16b7f
-
Filesize
372KB
MD5b893ccac266578bcde80cb70ece6b285
SHA1289fed00789c7544dbbea629ecb44b84512577d1
SHA256271f1444e6e4bca6dc20d96be9aacc754f288e50b87d3656868499dc763dc071
SHA5127ed30fb983563f70cf62dfc52255d883a7e5e0981e7e3c3c6ee93a4b1855da551a88a463ccbf1da15c95e7aa34780a56de5086ad53134a5ffeb2f5c9a061a655