Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
06/04/2024, 03:41
General
-
Target
2024-04-06_4b5eb739454a2c236bef477ea28d5bbf_goldeneye.exe
-
Size
204KB
-
MD5
4b5eb739454a2c236bef477ea28d5bbf
-
SHA1
f8869baa983a74cef0a52f2b4045690176f35a8d
-
SHA256
82c3f2a39b1cb9b73c015bc9e62b9922ea42fde7d663ad98f4a3ec72554581f9
-
SHA512
05227427c5671d08d8defa631d7d40cba01e71690ad81c8c5f6395cb1ab490bbd9da3e03c074adbe743f775ac807d0780a9b0133bf3547426db960d14bd8db54
-
SSDEEP
1536:1EGh0oWCl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0oWCl1OPOe2MUVg3Ve+rXfMUy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-06_4b5eb739454a2c236bef477ea28d5bbf_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-06_4b5eb739454a2c236bef477ea28d5bbf_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{253FC0E0-1392-4151-8376-09475402E3F4}.exeC:\Windows\{253FC0E0-1392-4151-8376-09475402E3F4}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4E06F678-75F5-45bc-B840-C6731E05144F}.exeC:\Windows\{4E06F678-75F5-45bc-B840-C6731E05144F}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{02125B33-99A8-47e0-BA8E-FA62358B4759}.exeC:\Windows\{02125B33-99A8-47e0-BA8E-FA62358B4759}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B9FC3950-3497-4516-B63C-EAFA2DC53EB0}.exeC:\Windows\{B9FC3950-3497-4516-B63C-EAFA2DC53EB0}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4BB46FE5-C010-4de6-A129-D7FB3636F1D5}.exeC:\Windows\{4BB46FE5-C010-4de6-A129-D7FB3636F1D5}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F738A2F0-D27F-41cd-8181-75FB463E3A74}.exeC:\Windows\{F738A2F0-D27F-41cd-8181-75FB463E3A74}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{613C4033-F235-4af9-92CB-9D790D32E79D}.exeC:\Windows\{613C4033-F235-4af9-92CB-9D790D32E79D}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5565996D-9C93-4961-AED6-093A638CFC61}.exeC:\Windows\{5565996D-9C93-4961-AED6-093A638CFC61}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{58FAC859-1AEC-4f2c-B69E-ABAFF38A026E}.exeC:\Windows\{58FAC859-1AEC-4f2c-B69E-ABAFF38A026E}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1AD00C1F-3012-4830-B931-EFB6B23FD5B9}.exeC:\Windows\{1AD00C1F-3012-4830-B931-EFB6B23FD5B9}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0BBAD367-0902-4ea6-9153-AB80B0287670}.exeC:\Windows\{0BBAD367-0902-4ea6-9153-AB80B0287670}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{962651F3-1FFC-4a8a-ADDD-40CA6A724E4D}.exeC:\Windows\{962651F3-1FFC-4a8a-ADDD-40CA6A724E4D}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0BBAD~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1AD00~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{58FAC~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{55659~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{613C4~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F738A~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4BB46~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B9FC3~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{02125~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4E06F~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{253FC~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
204KB
MD5a9d75dd8a1732c40e3a6f60eeac1760e
SHA1cabf54fbad478b6c501cc8ac978d91beee4ec000
SHA2562515993cd90a77f7eb35395061c63dc44d51acf5d205df1cb12eef068699944c
SHA5125dad93cd75b159e2ff82e0aa3fcfb873c1c5ba2fec3930d7169f55469043b8dbd209f930b4234d621b80bd42bd4b1098eed74e54eb63dde502f02679f797b446
-
Filesize
204KB
MD5473cf791cd3be5d2b3755854f99441c4
SHA19a4ecbbd4b494047928b173db9eaa4f0383e0fe5
SHA256960e2c494df91c6b0cd09230322380e9b2f505cdde8da09a9a9de854b3867f94
SHA5125418140046484e3d5c4b905619c16d49d3bd8d513a01ed3cd0208dfe293d261377446af9873540a96ed9db05c68940b8214e3ba852a8f5e943a1ef9e1cd596c9
-
Filesize
204KB
MD5a167a51a35269b1cdabe222008154de7
SHA1c21db78a2d1c3449d27e21c421d631abca67cc71
SHA2560f29bf05fdaa7b9fbbe02dd2749acad707a03a2b2418dcb09197387694de6d0d
SHA512987afb7557157996e46dda550bdc22a8d2e8da1688a4093d5fa83a7faf0189b5dae73b50fcae03b8c8c55da520ec2407c9bc625f89e601fe44d492847ea246db
-
Filesize
204KB
MD592297b8ee4ecd77d591d0798d71ac35c
SHA1c47948d5ae759c8efab6e7996a74cd4fb442b300
SHA256976099bd05d378d5e8a353685a1d3800381a9ed3493530203c17b9f5dcede34a
SHA5129b35ef9555a333bb1f66f77f048db60dce9cb964aaebf2b6f12f4c70256a3dde0473dd77f5a6fd4b6d0b5c9c761cea3f977cf9f4603fe40ef45f6b55a313da9b
-
Filesize
204KB
MD50967c7cef40959e62be6d83f97a33edd
SHA1c536dc29e0f930e817bedfa36ade72a3fb552424
SHA2563090e3b44ddee8957cee47ca97e0238d5830deb93116064342cd25f96741d021
SHA512beb8cd924c330358b137d89cd6924d2878d3c6768c9ee65b5c02bd874ff75903a3bf6ef1ca614d782c2aa77ef60f886361c8ebaa9d495a6f3db5ba9b56425d52
-
Filesize
204KB
MD5254dd6b1678339470e94b84b1ccf75ae
SHA140edf3293d625fa4ab74997207d85828754285a9
SHA2563c824bf5f1ddb467945d379353dedf571c30a5abd52f985a62367e76261d5206
SHA512681c724e7044edf7f01ef830f39002992d518789fea37e63744eaf77708751ea5268f6fb5cb7a7524ffa5b4795981d8e8a195a7bc62587b1bd6fa53601895f62
-
Filesize
204KB
MD52d05654398bda9b633a20f07c35b4c9f
SHA185b11b523c59fdb9f7b9c7a15cfb04b3bb840d87
SHA2569f91b1c9d5d123539d94e666e2e33b8625a0d9e6041cf43669d64c77b9850ee1
SHA512b8a3a5e16d0c1be856cb38c4468f26c679191d829cd84d0bc2a9376de2a9c8918bab77b32197d22c0df3930b2febb177204f71f364feb42efb33860df649f46c
-
Filesize
204KB
MD5e1fd1ed2e263814f07796295667e8f9d
SHA14d61656566676674207103f2b124b279b46fbe66
SHA25640ecd5d7a83d5fabc59e231522f98855ce91f4892235d93d9f555ab5b83b8220
SHA5126efedfee480276d5daa714fd74fc030963ff6dcc675cc95ef29a55ddd3fade4aea4c698cdbeab781aea7eb8e3ccc59af2bd1c0db541bf52fe6dc1ab0d05725f5
-
Filesize
204KB
MD5105ef58c7cacd99f46580c14ffe03327
SHA1ade12b741c91fc4785b17278731628b14e071854
SHA2567cecca2c34c44547ed7c22c0dc9656e4f65ebe50103c119b97236d4c33fac685
SHA512fab1d1f6baf3082e32678f3e3a0b958d9a706e87fef17a4c5cc358c5fdba29d39d94938ac9607dccb56f523d597ae73819b016a1749ebe18019084d1555f3b74
-
Filesize
204KB
MD5b3bee91313cf3718f777b743b9381b10
SHA18463a11f41fb47e0dca6ab3d9f63b10802ad12dd
SHA256f7810f9a6eb3bf9bfae722e53eb6463ab97522602178cda5fc6c3c4d2f1df3e4
SHA5128e9828374b5015610c904417331e43cfb780659301b3cc7881c3a7b1495f6d63bc7359eff9c643e5b243308ee317d02f2edbc349b52a9f6071ce0b6042d5e52d
-
Filesize
204KB
MD58c166db21c8a2857602303b44363dfaf
SHA13a8d26ab84a4d9ca6f27221e7198863eb7fd452f
SHA2564fe50791c1f6c1439cddc85feaf992fbd86a22ec7df566dc37647b23f5f92172
SHA5124bbdcfef6edaa33555b01cae65f49067936f1796ea86b267a46fcfd0d86af8e40c0398620f37480605d2baad8c30d5dcd73cf9383b96d22d4a975a55879092d3
-
Filesize
204KB
MD55c7acc3afb7734e6f8f37e325f926c4a
SHA105c82438c44993ce31d32cca5c2c0306a6b79911
SHA2561f0e704c8c0b13fb5b0243efc03d76ace07f6c11f639e13a125d9b0203f1c3bf
SHA512e1fb5edb31fd22979c22a74a283d5ec7f550643805d1afb07f67fed60f7c6273d30490dab997099a0ece1fb4b697a23a8e4655dea06614ffe45b0e1edf1c3dcd