Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240319-en -
resource tags
-
submitted
29/03/2024, 14:21
General
-
Target
2024-03-29_925db37e64ce50f8464d24e057f580cc_goldeneye.exe
-
Size
380KB
-
MD5
925db37e64ce50f8464d24e057f580cc
-
SHA1
0cd316396f158653171f720bbe0d8dd42fd4577f
-
SHA256
726ad4976c5a73933c4c68e37d62af3a8ff039762c02769da26bd952d430b613
-
SHA512
a42b81bc02cc728a66c6b2fa56aa45187e3bfd2167a5262321554f98a8a328b73b8cc77651422d17fdbcf1478ba15a5527955eac5d923feb7dfff46eeeea0169
-
SSDEEP
3072:mEGh0oXlPOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGw:mEG5l7Oe2MUVg3v2IneKcAEcARy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-03-29_925db37e64ce50f8464d24e057f580cc_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-03-29_925db37e64ce50f8464d24e057f580cc_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BFE2C966-CC26-4a7f-8C79-25B28AB30C8E}.exeC:\Windows\{BFE2C966-CC26-4a7f-8C79-25B28AB30C8E}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AB478CF5-6D1A-4dad-ADEE-87F80281EA67}.exeC:\Windows\{AB478CF5-6D1A-4dad-ADEE-87F80281EA67}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A4C2FF91-F972-454a-95BB-4F7FB6B5CC7D}.exeC:\Windows\{A4C2FF91-F972-454a-95BB-4F7FB6B5CC7D}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{799562EA-6B33-4459-83AC-1A8853559BB9}.exeC:\Windows\{799562EA-6B33-4459-83AC-1A8853559BB9}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{565775CF-5AE9-4f97-8F74-9C214F4B4F86}.exeC:\Windows\{565775CF-5AE9-4f97-8F74-9C214F4B4F86}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A5EC2C8E-77C1-4789-8737-9CFA65AADCC3}.exeC:\Windows\{A5EC2C8E-77C1-4789-8737-9CFA65AADCC3}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E50019F0-FB76-4698-B1DC-26C3D84D8BDC}.exeC:\Windows\{E50019F0-FB76-4698-B1DC-26C3D84D8BDC}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0DAB4A9F-1C46-46a3-86C5-7F73D245893C}.exeC:\Windows\{0DAB4A9F-1C46-46a3-86C5-7F73D245893C}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BD3BEA08-38DC-42d1-88BE-79B385FAA4B2}.exeC:\Windows\{BD3BEA08-38DC-42d1-88BE-79B385FAA4B2}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FA7B83FA-8529-467d-AAA1-A2528149205C}.exeC:\Windows\{FA7B83FA-8529-467d-AAA1-A2528149205C}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CDF85273-B026-48e8-896F-1340726C28E1}.exeC:\Windows\{CDF85273-B026-48e8-896F-1340726C28E1}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{129822DA-159C-4a9c-AF28-643E1E85189C}.exeC:\Windows\{129822DA-159C-4a9c-AF28-643E1E85189C}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CDF85~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FA7B8~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BD3BE~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0DAB4~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E5001~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A5EC2~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{56577~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{79956~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A4C2F~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AB478~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BFE2C~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3960 --field-trial-handle=2244,i,11986678581565715302,451159359636456336,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
380KB
MD5a76f6ac017157853286f74b4b803c6d6
SHA162a2914e36b5cb43100a4fffba72fd9943f0dcee
SHA256a58c1f18f7c6a8dbb0a491f7b1411166683047690d737f9cca7047690c898c0d
SHA512fa5d3b8d5377c07adc4a239c2de34ce5686070bf064cde47a4be135db315c9f1e2164663fa485596e3e84ba568ab431be295cc23ce8e97ad14f08497c9cfb102
-
Filesize
380KB
MD55dabf115c2b16ed5d864d7214a3255f2
SHA16bb2da33b7ab5e642d39f01778419ac96b932236
SHA2562649d247dea48292ea4ff72f5c39ccd8297f788f37861efa4d49b6d1a2aec96c
SHA5128a84fc812905fcc920232cd9b7f747c8819039963a07d4f4ac4fd6df6b21ecbc7c09a8318a594dbafc821ecef3e8e834be40c7ff223d50a77ab2c04f2a72176a
-
Filesize
380KB
MD5865047b0d2df69154e127ed41c898c9f
SHA1c62073beeebb14c98b1ed45181905ce60971802d
SHA25651c923b4af2f1bd9f9b97ffdd0c673a43740227eb9632aaf264b38b68f7417cb
SHA5128f0b8f7d56e9f75bc09605d013682d6e27c7307b8110e2967db04065de2ddab3a7028fc1f29c858212f7b949adecdb3b7e7040839cc296e6992eb052a2072997
-
Filesize
380KB
MD5b5e9ed335c458429894d52af9a9e7e8a
SHA1269cf61feb2c9674d642b4dd9eedd019bafa120c
SHA256398564c91c4f4ae1eee16fddb5fd59202011645e05a9861b633e627275ceb3c4
SHA512cf4b20c0fe92ad4a6f9f13a723be08a768a2460d6201c9a25d1f3d80393fe73f8d713da8303d62742fd845a1bb7e9cb77873f75633529fb384f13598dfa38a26
-
Filesize
380KB
MD54c87b6dc16f2e998b4ccde468e347e04
SHA1191538cefe6f173648c0e07a2ac96b58d8b32eee
SHA2568deef616ba2a35d8c65955d831dd1e4eaca7e66705755010e115c7f5a78f7694
SHA5120d7085c659e1e80809ff40ed17fbf4679d1ccb3e82aafbcf330134570d06520e5a6bcccc720cff9b0ed19fefd9e5c97f2ed7ab508a93ea1eb5ad2928779c5d40
-
Filesize
380KB
MD5e805050ccc427f3cce4ab9c93831f301
SHA10ddb64fb4ca964e3db05a18dea5513b5522cec6f
SHA2568015f7e6f8cd4b5e20554e75d1df856b8322d840f9767f9ab889124a24532d19
SHA512e7fa07e394a4367ecd8bb0b6124eab77d7aea98e7fb49c351fb7596b85b30ef7a7452cbc914cd70e071bb6c90f6e37d86d5aa0d4eed367d4f020ee55c3ee4f90
-
Filesize
380KB
MD5dd5700b59c0d694e5d9b4f05644c8d00
SHA1975142f6ebfdd4e0503cd129cba165bc6064cf19
SHA25674e066f9ce4b67228f48a204978eab37b2e2519474e4c2cce0c194d9765e438f
SHA5129dd9fdb3fe8639f2785eacac2465ec50e1c2def6c8831f1aeb36f0e1d35d8de8e7f506703addb786d145d20708d843e814c26aef88c2ac69ccb398a182768d3e
-
Filesize
380KB
MD51ca919c371885bd6782f8a821081a9be
SHA1dccabd986c17c5e93df78d10ba61b1f18f52ab48
SHA25620c8727d9ada2512107609b075c537b90134dad00667d215b2c4ec5b2ced7912
SHA512418a87082cf2df6a01f80d970ce1292a479dcad9732a37b21958695e1ddcce1370fb6201d30aac337d023c4e53c90aef733033b6df3ba5cff55b0381b978656d
-
Filesize
380KB
MD563099603362d4ddefcbf13209573d2e5
SHA1c316730f694828f5f07966c17d190f616b25ae2c
SHA256dc4f1449123c7cc6d8e2097c7b88262cd1d06a7957d47f006b2150d7d79b22e1
SHA512fd9c3aa618ea7f7ad0dd6ef38e3aa342f78a7195e9be28a531e5edfdbd8cb6d401cf4c0c2a0d16393cbbb1b02d4f02f5b00036b2f26f26c15f1d7011ed45bf33
-
Filesize
380KB
MD5160180ae22c3605f6c77e109f05e79ce
SHA138b940c132e73aef63dd8117130ddfe9267205be
SHA2567175b2de6c5a1f369e2b39fad3fea5b37791173a7b16762eca1cbb1e2a3274ce
SHA5126abf66fc45e8687bd5d40f537a28fa8075a50028cb79dc22787151b61f1a23e3c6b76964337d66cc73915415a1ba41e1d5da76036567f0827f579796e9709489
-
Filesize
380KB
MD5156035a9ea5c11d90195d5765d9ebf3d
SHA10836c0e490bd4366a00adf8e8b2c052b2c42c2a1
SHA256e5d0b55a4fb40166229beb7436545151eb80123caa5d6f75c1fc3da37d6b0e8f
SHA512c7ca4aee83a8bf9f2aac0fa99bcca9138275f9b4261a7aedb5991f5bec6534597ee450cb7ce72a186bbe62f98f8623003c601566882008c97d65dd357537ba76
-
Filesize
380KB
MD5fb751c559dfcfe238f835945f4d0bec6
SHA1d538c39c545c222d810f2a56cd49c67cdf2d7070
SHA2564af800c1265e2c5409d86bcee1164e1e839aad3b4bc999cc319aa18dc6708e0e
SHA512b81a855c5ef6965c0a83146e5e865b7bba0aaa37c9f31d883def10f3c58626a2d81186c457dbd57d26d5166eccca20835a57c240f4a0b6f3e8da434e00dda13e