Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
156s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
29/03/2024, 03:44
General
-
Target
2024-03-29_5277f5718a9a5c41ed4a324c2b2132fa_goldeneye.exe
-
Size
216KB
-
MD5
5277f5718a9a5c41ed4a324c2b2132fa
-
SHA1
f2fdc39b32d11b67fc86a122fc37b65a7491ff22
-
SHA256
5ae09916c42d2d06c2c47d092d8631ad4119db9d26c1ba109c381a3205e5ba09
-
SHA512
65d41485876a82b341a2cbbc18c4a61386868b865fdea27d95c5f71693c0a3c94a96613f58caa4c9859e6f96b72420dd4a22e349a87fbd70df40072faf7be695
-
SSDEEP
3072:jEGh0o0l+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGelEeKcAEcGy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_5277f5718a9a5c41ed4a324c2b2132fa_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-29_5277f5718a9a5c41ed4a324c2b2132fa_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8BFAADEC-8A2F-4b1d-A8F6-19BC5805A32B}.exeC:\Windows\{8BFAADEC-8A2F-4b1d-A8F6-19BC5805A32B}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CE9E197F-92D0-4d35-93A2-0585F7C70399}.exeC:\Windows\{CE9E197F-92D0-4d35-93A2-0585F7C70399}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{939A033C-DCA5-4af2-884F-1126B3CAF7FD}.exeC:\Windows\{939A033C-DCA5-4af2-884F-1126B3CAF7FD}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{92338BAB-12FA-47d4-A6A9-B008A57BE720}.exeC:\Windows\{92338BAB-12FA-47d4-A6A9-B008A57BE720}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8107E6C6-AB70-4d2d-85A8-0438C2D0CCE6}.exeC:\Windows\{8107E6C6-AB70-4d2d-85A8-0438C2D0CCE6}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{112CA2E0-5E8D-401f-AAED-99C0CFF4317D}.exeC:\Windows\{112CA2E0-5E8D-401f-AAED-99C0CFF4317D}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7E4C9E80-2034-4d5f-8CE2-E9BEE8A32EBB}.exeC:\Windows\{7E4C9E80-2034-4d5f-8CE2-E9BEE8A32EBB}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{799FE159-1A5B-4b82-B9A9-E865E78C052E}.exeC:\Windows\{799FE159-1A5B-4b82-B9A9-E865E78C052E}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0ABDE4F6-66BD-4a6c-9B14-DCD8D4ED7C0D}.exeC:\Windows\{0ABDE4F6-66BD-4a6c-9B14-DCD8D4ED7C0D}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A7974CDA-6887-4bfa-A266-23B526721063}.exeC:\Windows\{A7974CDA-6887-4bfa-A266-23B526721063}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BDE51928-CFCF-4c62-9DEA-9CAD82333ED2}.exeC:\Windows\{BDE51928-CFCF-4c62-9DEA-9CAD82333ED2}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{890AA959-12E7-41bb-A79E-32DCF6CB6FAE}.exeC:\Windows\{890AA959-12E7-41bb-A79E-32DCF6CB6FAE}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BDE51~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A7974~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0ABDE~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{799FE~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7E4C9~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{112CA~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8107E~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{92338~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{939A0~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CE9E1~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8BFAA~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4204 --field-trial-handle=2700,i,14629483171127516024,12350888228055326066,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD5802b012e6460a1b7c9c4eaae0ea9af69
SHA1b67c88099a1041da27b024732e6d2414703a9ae7
SHA256cf93fc97fd10e83c7b256d7cab753d955ae85a4d53cd60587355c00d41ff5e89
SHA512d0cff512900eb6b72a1b777ca68c672de4344fa0a58470e4dea91f4f193626e073fef4fb695d3eb84fe3bf0f9aab4885e17c864d374339d13b9037ad1ad00c81
-
Filesize
216KB
MD53b13e917a02c5a133cecbf23522e3034
SHA16a0b8a054436d4aecf49afab4ebfbb1a08de0467
SHA256a5d69c08391afd52e8c93abcbff9164aaf85369b4b5d653df5928a78d0d27fc7
SHA51293b9fb65e466625713a78a7c90f9481735be012a3c740474fed95c888460bc50ea03c50819fc19785a2d968bb924fe006f805d01d132d36f571a3edc6379b1ef
-
Filesize
216KB
MD5584141b1e0192ca0e7cde96dcb78e256
SHA1f1150e4a81aaa86fef701565bfeec7d624e8bc80
SHA256f2cdb188de836913d18c49f77b8f55f1db61f749e30b74d3af53eaa9c690c1df
SHA512d98eefde26e699b963a0e98b328284587fd35aefd6b962947d6f5838372c5d831a71a828c51d1e1766590aec55e268063f27a08b38866ad6a2d9e18244d1690c
-
Filesize
216KB
MD579c96d915c2a6235a4174dbba22063b1
SHA16b2a2217d0f1f12f366e2cf007a21eeb2895a048
SHA256dcd741c0097309e2662d29a43b3a8e6482f7da7a66361ab871d2b958c204afba
SHA512110eb34856a5e2a985e83b78cf8754338134bf90ad06f29cd5012defd7cece1e0538b2558fbf7259e6e3d33265060078f2d301838bd6918069a9117e2a7773a3
-
Filesize
216KB
MD5ef9c8d7665d0c3f6f9b9bf20c0fb3c1b
SHA15ab72d6eb58bf9df78da3cea38cca71511ee095b
SHA256b7c967ebac93d102019d78825a0a0a145a46bb22f6ccbf1734344620ab0a4ddf
SHA512378018fe93d1bb7c249a32a88dcfb46fa1d497b97114ea2b75b58a2342d022209b07bcd9c9794c81313e3bb81f5cda74b564cfb03713e94cd51414ba9d5ae4c1
-
Filesize
216KB
MD5dbf6c559dca739cc316c44d67cabc942
SHA1a78af5607cc6766eb5506df4f116a5da1ccd67a7
SHA2567bc2a6f5152850854ef78b2a98aedb6ae39f95dd97a8b03a115b11ce42ef5d91
SHA5121edf1b30dcc9a26d7ff38b80469ef1681a06fa0ef3560a660c8fcc9ace1a4a6581fbe7ce87c0138b4e599810b53ab64d4875138262ca77656b4d194c79029a54
-
Filesize
216KB
MD5ef7fe278905b57f08b8e25ae7299e26f
SHA101ace93a0db6ee904caf7550fc9e348a906ccaf5
SHA25680f048eab8d19e205a3e856681637692ec4c3dd6e1fbe347b872413c11708f38
SHA5125e61fdee23a5314d24386b86ee5cc43c82e638984620b41196a0ee54165596595f9575f9c7bb3929097ed486cbb3a82013c992d8168d95de6aa7c79d97b2f1c2
-
Filesize
216KB
MD56e86e4103a8a47b433f8939796ed7354
SHA14e742e7a2fa0ada87087eea73b95efa51432bea4
SHA256b06e0926d0497cdc6620711a0827fc9213c9c5774ace1d08fdc74cc9e8e1bf63
SHA512fe1aff305357548e77be2639db46a912042de1d0e76e184b63af25e4a32e589e72398ed6eab124bc11998d9ed88f42b596ef3beceee022be73c792d1a2ace36e
-
Filesize
216KB
MD5638ab3555292a6bfcaba92f8125e97d8
SHA11411f4be4f2318fb06acb0831ef6931393656aef
SHA2560feeca4972e18523964cb84946e7b6dde1e3c27d088ee0fc920199e41deca725
SHA51286d97426773496f26638cb225c8229b1fb74d5457d3612ec60fd917a95b003cbf71c592d0aab907a18792d5c6b1a1e645fdf3011f42225df5446b1f8b312929a
-
Filesize
216KB
MD59acc1f8aa2ab3245f87530ea19438a06
SHA174536bdc2feeacc81039cb3a38cc986c361bcfc4
SHA2562ec9473e3aeb455f9d8d5a49b25d1b6c7255ec7e7eabfd0fa2de94ea8c05af97
SHA512533c0f45c03a2f3fea1223440f09cf3e9a906c2468a0754ef3029c3657b1c75e0511f53b809595eca847df0354cb0b4c29f400b9d9034da9301f116a544676dd
-
Filesize
216KB
MD5e0a8521848dfca093f09a66d79032095
SHA108e952fff3cd8cf40ccbef4a2b727928221c59b2
SHA2563921e450b5978ac9e9ce8defd68fc26b39aa06a060ff264287d41029db0d69ed
SHA51230f196b33967df7835c51c2dc514720a428df46451abaff01d8803fc018ba9f3b716df0954fc5d927618f9973862c04bebe32ae6f3b4c8fc1f9cf32c88c3485b
-
Filesize
216KB
MD5e4eba3552008ced826d0699540406d47
SHA18e6e334df171a4b88e313a9251ec8ead1572b70a
SHA256c1e59fa16ae75901c2f568644a5fbe1f59f8eb7c1b8717832f4ab14d97ffc54e
SHA512dba8917985b3e92ffeff0864e2470dedfbec8d9d46a6b073a5dbaf42c052a0b62cbda6326f1a2d9b24cc27e02c5705ce8afc816a626202d1734141a78fe2344d