Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
29/03/2024, 11:44
General
-
Target
2024-03-29_7e3f6179f25cd650baaf5e291ec9fcfc_goldeneye.exe
-
Size
216KB
-
MD5
7e3f6179f25cd650baaf5e291ec9fcfc
-
SHA1
e0f367cca860e96d525a9a4321496b50eac70a03
-
SHA256
5b4da516600e2177af80cb0efca3f000d5ff9f14c394f3e7fa503249260f476e
-
SHA512
c71499bf3509e161134db9b682442a3700158239f1d1a597c26f423d687177e539dfb92f33f49f13a07ff0223035769fd041ba044bb1779b832e824cc2e5548e
-
SSDEEP
3072:jEGh0o9l+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGvlEeKcAEcGy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_7e3f6179f25cd650baaf5e291ec9fcfc_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-29_7e3f6179f25cd650baaf5e291ec9fcfc_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{82D72316-BC43-4740-A593-62726C9D25D7}.exeC:\Windows\{82D72316-BC43-4740-A593-62726C9D25D7}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C9D95B8A-115E-4a09-8AB8-A593B648850B}.exeC:\Windows\{C9D95B8A-115E-4a09-8AB8-A593B648850B}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{75DC833A-E13C-4245-AFB3-E6E1BCD288C2}.exeC:\Windows\{75DC833A-E13C-4245-AFB3-E6E1BCD288C2}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A0C618A2-8E60-4e82-974A-910B98D45930}.exeC:\Windows\{A0C618A2-8E60-4e82-974A-910B98D45930}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0F6F533A-60DD-4bd4-A1C2-1087F64B85CC}.exeC:\Windows\{0F6F533A-60DD-4bd4-A1C2-1087F64B85CC}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{64645ECD-00D6-4d34-B220-0965555A96B8}.exeC:\Windows\{64645ECD-00D6-4d34-B220-0965555A96B8}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{070F02CC-27C5-4cb8-85CB-7F37BDD1FA37}.exeC:\Windows\{070F02CC-27C5-4cb8-85CB-7F37BDD1FA37}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{29F2C53F-34DB-4d19-9A6D-CDDC9E8627D0}.exeC:\Windows\{29F2C53F-34DB-4d19-9A6D-CDDC9E8627D0}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{997D60F3-11FF-4216-976B-3D4DED15579D}.exeC:\Windows\{997D60F3-11FF-4216-976B-3D4DED15579D}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9B47F392-D6E3-4d3d-A1EF-0C0A19D1166C}.exeC:\Windows\{9B47F392-D6E3-4d3d-A1EF-0C0A19D1166C}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F19036BC-40FC-4be0-81A9-2A9C32646F63}.exeC:\Windows\{F19036BC-40FC-4be0-81A9-2A9C32646F63}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{3012ED48-E216-4784-ADD0-E6B3B20DCE1D}.exeC:\Windows\{3012ED48-E216-4784-ADD0-E6B3B20DCE1D}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F1903~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9B47F~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{997D6~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{29F2C~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{070F0~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{64645~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0F6F5~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A0C61~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{75DC8~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C9D95~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{82D72~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD5d7ede03b52cefea523300314aa4bc9a4
SHA1033dbead42b7e55504b82680aa2bef75fe79e86d
SHA256d1db734ea0de66a086f9a74785ab8a61acb314028b6ba364e1af5c59a00f64e8
SHA51264d94ae0094fd4131a72175fb97e01e46ee0c52dd43b70c07e55d4f2f550d8cf4d33615dc37a03ade557e3fe698629f54defe457ac408a8e526529750e0baac1
-
Filesize
216KB
MD56a257851263c83b5351289bc33da0fad
SHA1b5595a3d2647141efecf7ceb2d96bf756710df90
SHA256be4065906d508b61f2a959dddef692e16674a23e2d1496142d60faefa92d061f
SHA512e205182ca3511194d963db7fbebbaa52cfd1214e3078e148660f488b25daa3ec8f472e234aa5bcff2288b9a5394deea27a8a24217ca49b04d1c25a14c8bc147f
-
Filesize
216KB
MD544bfd2a4a8ff960c6d4476b8bc534c5a
SHA19fb0ef0014448944325752d597d6292ac8b9cb9c
SHA2567d0b77a8557779450ce789c2a10d2d4b3b7b634e7aa8831fc52d13926dec772e
SHA512cdeaa5fff2a1e570da60a53b7bf5917f71867311a4cb553b7a7c5edf9ebb6a304b3e6a9b57bd106d281ed9676381213e650cc1e56c5030ef69c7ca9feb54a1e6
-
Filesize
216KB
MD55727486c6c6554ac17f860ede4577fcf
SHA1e77c6d22f48b46b79e3114091652b73b936a40a8
SHA2562177081562a8b89035120ebda108b9607d814153451f7b769be3cb1233be6eef
SHA51200ecfac147a24c44798b176e98f0763ea6ff980237eb8f9db195abd4cb6adb9e3d9bba1401eb19a05310dec11b8d342921725ed85f68094d36fd0c0fa595edfd
-
Filesize
216KB
MD5ed0de17057489117ee9975b80596da3b
SHA14c50f7bc4259066ce16578ebbef9e46947c3a72c
SHA25637d15cd78385e30e01b8607b0524eae6115957077295b9775fd084ec9333898a
SHA512232d3e421ba332465fab89a99afd477b6a1676ed723d4feca7be37caa75026fec3d8fe6f6125970417b14565f07a8435e421329434ecb739191a1c3aefbd267f
-
Filesize
216KB
MD53f23dff50eee4343dff3dc217071a2e8
SHA175c284d3501f37b63bcc9eaa4db4d31f884f7aab
SHA2561a114722ead3ff59e3a0b9c59a854544af25214f742c8e830383a22831b8a0dd
SHA512749c818e4c2a92a3ff7f5e6235990dc0a2e47e714c3a592771795b32b86c1aa1dfd8d764de58fe6a8a503d3739eca45d0ed2d4235d47020691515635dfbcf9a9
-
Filesize
216KB
MD57e46fbda8c9e72de057f0d86f9362396
SHA14cc1fac46963716f3f49b10bcad7a248c7cfcdf5
SHA25628bc7c424f058d90df441087f3a9e870024e753c911ebed6ae3614ce6d6d6774
SHA512269752ca569b9ea547ed41711a5b5fafd529132e2ddce2fd1bc7b211d3e1b6340107cae44fa767eefc6ad83c6a01749f9a2cc485bda05931655e726bbfa11492
-
Filesize
216KB
MD5a13b22b8c520486f4eb30317bbbc203b
SHA1b32cc5dedc76ebe6f401c282bab1460f20670e4c
SHA2564902413d14842883c15e2c6838bc75c8b2fff14732f2844c4761206d49c8f5a3
SHA512c95beca456459d3f6858682d37719b27474f6e23808fd1be5fb69c5d485a6f96b7c825ad0d00264b7f1263de1e1d93213a914e701ba3f57185209dd07589501f
-
Filesize
216KB
MD5f4cd67d14e8f21fb9cf8d69f04ae8812
SHA18fe4d38bd8187b42cf32922569dd6d49bbc22ca3
SHA25614c797ec66e94a3b2dbbb14b647de931a554de2ee088f598755efc0dda957755
SHA512aa51499bb76828a553d88c51c27ee67affa2fe1efae82b7736b442a785b1ea68a1450cf594f956cae1fbb0c4072e0d27597d1cca28a4c8e100d561102429a096
-
Filesize
216KB
MD5301c8d65aded3ce22acd09a597078409
SHA189ffd73a1d7a9d5925e4cb6172f8c62569309437
SHA256877f337a2560cccdd8e9f40924ef1f5dbc2807a4eabc9e3bb9090ade27a2e0d8
SHA5128b022cb067508c7c6b67e1dd2ac44c49266343061e42512a245969e7f4913067c05e1335609f39c64f1df7b163353be3f5e0d8af779077aaf12c79a01523eb79
-
Filesize
216KB
MD59d85e9eb6d7c84e8a62f37eaf23b9551
SHA1a83235e81e6ef7f9ff79acfb961685d7a2d100b9
SHA2569aed3f1a516823e27b083e8cf776d8d8402019005f87e1f99097d46eed11c0c6
SHA512af6918f5e1a64a75d3e52a2e29fdf17cc66a09e5055b484905fc0d8e5787a73580416ac18c0e9b6e2fc38726a2dfad031adb89844f95acb8b534228d95802e42
-
Filesize
216KB
MD5871280466d98a961c2d1e57d883b766e
SHA1a405cc0a965722acb91f36676c828bcc8968adfa
SHA2565ca7ed6123d6340bfd442beedd57539fdd60c3bbc56a126ed9e9950021695bf5
SHA512db7584098aee6725dfc9481e8fcc30d1c0b5a9304e035f6ab202065d0abcc1610132439866bf4e164d9d8904502702744d588891864dfe8382e60e335c32f217