Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
06/04/2024, 11:05
General
-
Target
2024-04-06_ebe05313c99422f99c79c14da6cff5d9_goldeneye.exe
-
Size
408KB
-
MD5
ebe05313c99422f99c79c14da6cff5d9
-
SHA1
3ef76f0fed633cf343a5a61331c28945cf39fd4f
-
SHA256
1bdd35a29d4b0bda09e361f635cbcee2a32e7f573d289aab9ed98dbb50ddf866
-
SHA512
da9e5ca4779b12a972b2b66a11ece32a69fe028ab98b3967f14eb6934d0de4bfdc8c1c13e412b8f89507f4f1bb01cc06f560db3dafe4f6acfeec00473b19fb34
-
SSDEEP
3072:CEGh0oNl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBft:CEGrldOe2MUVg3vTeKcAEciTBqr3jy9
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-06_ebe05313c99422f99c79c14da6cff5d9_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-06_ebe05313c99422f99c79c14da6cff5d9_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CFAF4968-77B8-4e14-AE5B-7622EC9F689D}.exeC:\Windows\{CFAF4968-77B8-4e14-AE5B-7622EC9F689D}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D19D0CF8-B9E8-4c11-8426-82B2974984C4}.exeC:\Windows\{D19D0CF8-B9E8-4c11-8426-82B2974984C4}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C10B41B8-7107-4a15-A876-E3F6225C26DD}.exeC:\Windows\{C10B41B8-7107-4a15-A876-E3F6225C26DD}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DFEB9CA1-7B5D-41b8-94FB-258C965C265B}.exeC:\Windows\{DFEB9CA1-7B5D-41b8-94FB-258C965C265B}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F499DCFB-A756-4e29-BAD8-404C2EB302A3}.exeC:\Windows\{F499DCFB-A756-4e29-BAD8-404C2EB302A3}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FD5F3E9D-CC0B-412b-AF6A-2DA3330B135F}.exeC:\Windows\{FD5F3E9D-CC0B-412b-AF6A-2DA3330B135F}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AF79CAB5-9563-4adf-B2FA-CFE809DFB6D2}.exeC:\Windows\{AF79CAB5-9563-4adf-B2FA-CFE809DFB6D2}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5BABC9AE-A694-4301-A581-D4DBC0B247A5}.exeC:\Windows\{5BABC9AE-A694-4301-A581-D4DBC0B247A5}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{32799502-DDB3-43da-96EE-A4BE9C9B56F5}.exeC:\Windows\{32799502-DDB3-43da-96EE-A4BE9C9B56F5}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7BC6E381-0CD9-4fa8-91AA-84E313658854}.exeC:\Windows\{7BC6E381-0CD9-4fa8-91AA-84E313658854}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2C094951-9E53-4249-AC6B-D97A15E84395}.exeC:\Windows\{2C094951-9E53-4249-AC6B-D97A15E84395}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{3A987B64-8D8F-45fd-A00E-0E7B33F393FC}.exeC:\Windows\{3A987B64-8D8F-45fd-A00E-0E7B33F393FC}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2C094~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7BC6E~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{32799~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5BABC~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AF79C~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FD5F3~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F499D~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DFEB9~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C10B4~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D19D0~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CFAF4~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD57d9ce823b82eadc51b5cb53ed4ed0b42
SHA11d99e171855dae476f6c094236ded003f78d4382
SHA256b0d2e4ac75c7f685661273256ffefbc92d467ba4a5ca70b1b6d6c276cbcf677a
SHA512198b811efab59d3492a5183e3d69ddab15c17c33de30b4ab8a2debe2001ca23783ce83eb5b0489bcd5a0f7dcde7be19218256476f444346aec806a301f05806e
-
Filesize
408KB
MD5bee371fc01af2c9c94bd2066f600116d
SHA16dfa1f41ac8dbc02988ee478a76d2da30f800280
SHA256fa53c76b9dc7017874a2d977e3f5e22bc1adda530042f836db2eb68b040b50ac
SHA5123f74b6c46bfbc3e349300a5b4985b907cffdf89bdd59fa11ee4ad08142e6561ad9f8b1e34866cd59f8287f0f74e0099c3777b6b4cf9a21a75e51ea24d06c48c2
-
Filesize
408KB
MD557151cbeaf75bce3a1f14ec4789deacb
SHA18bc2247ef1fca9735bb171a9e06d1c844159f510
SHA25681c93d7fd0dfda8c0856ea8c4fd2f873650bf6baca3d4349b3019b50f13f6acb
SHA512d425c4cde961e9aad602273dfa5ae5986b67ecc98ce11caffd750855267d5416d263d2e5cc9e3496454ab7ee861a532a72bf6865b29700d4ff45d2c63d9ecb51
-
Filesize
408KB
MD5395552851a8fc18361a64b417420fd48
SHA1b476ba7c4d0704e09d672965c9117fcf8c3a9450
SHA256c3084caaab955f9405b0a5d110fbbce9cfabb991faf7f1ff0d0b938463b0d3e0
SHA51294529a841c21835d3983a4bb792f23726202695af7ab3511c5f2312b504876b0d00ac846085ffcfe1235c2cc4c318c3dfc75278944409e4f409436ce33095af7
-
Filesize
408KB
MD554a2703ec5b8ee14c99f5fe69695584a
SHA17114081c6ed4f6e9c928e4f611010df8334e293d
SHA256fd58b79e99b678d549cd2cf62a19ef9249c14bd3b85e36c31b09fe72e848b2dd
SHA512c0161841f2d9d789f37776cd4417aab82571c350180406cc7f5ce9592b0e1bd76389de40103384c68be8ef6aa3def20d048602907363c1b469ad7ee4ce2377f6
-
Filesize
408KB
MD5840083f1a834d61d575577e002d92986
SHA1fccb0fc4f79a01d4ed55cd0bc9c7c6d682b898ea
SHA256876564b2f7be210441d4f79b537135dbfdfb1f3c94c792d508d6b6896602f4af
SHA512d73b252f1fdfd11534f921d47f870ac11673be497e1ef6489183a7ae63a96b00654128f27256024691ad40564bf4410810f98eb05da7dbeaab6f21d59c190e67
-
Filesize
408KB
MD589e88150ee6c1c392b2b52e2ced865c8
SHA1576def042989168c5aff10502455d6d75cebdbd5
SHA2563db5d978c844a89054bcb101f3e83a2319ca8bfd37cd958914269113fe2f4a8c
SHA512721fcff16efda1041f3e7a9ad38cb79e05230ed648b9d2473782f0f26408d3f49a1f0f84943ae9d8e684a36a17492cf9c60ee1f917d1bdbef6c2a90c5ffc4a78
-
Filesize
408KB
MD5fb05c9900dcd700d7ebc78425d7b3010
SHA15d1e69d3984f11eb54c191d2e0935e2ac6c7be32
SHA256753ce9e8445626b822fd7cbf5db2c68dc56e773fad8d6aa882b69ae4f4b910cc
SHA5125e875224bbf57e1a3bb1ace27f340b5ed1d5c8bda1caf65d3ee5d600434abe56c9c84299398ba382994df091979334c210995da65dc95fa969193d73b1741c86
-
Filesize
408KB
MD544f62f4060ea651d43316fc6f3062eb3
SHA1a67b717de972300fee42c2801ab4d11422c04103
SHA256535f30fc4892bc04ff579933cc8b0f9349432513e169af0e0433ba4d3020eef9
SHA512b003e30b6bcaf48fa81a63af1a8bd3d06b912698be40f9dde48a541cf39008a3b6446c3317ef3cd3e4dcdc7c55e2d9b64f0fdcffc26dd8e2188b08f6c7897b70
-
Filesize
408KB
MD5eea91b937d0ca08a9fbba19f44307c18
SHA1bd5d37303d60f9d3622560253cd384bf423e1ea5
SHA2560d66ee09ffbad0a7a43990c079800be4a1db7cb55e549c8bb67ed31718a56300
SHA512c57cade8ac0ceabbdcf8546e40ce66d0f0a78abb840829da42fd32caa9a06d24c08955893222a747f0c3dc3c745c53af75caa3068cb0c3aa5356da9b74f2b90c
-
Filesize
408KB
MD5e1b9dd844afeb504a038133576015ab7
SHA1f01ae96c6ba60a570ccfc3a8be1bacbb1715de64
SHA256e0b8d6b3d42b955d4e71b42d317e6bb0bceebb3c5232b745cb28b069fd995713
SHA5120126737f94e9808b2d6013f08ce12ee5c387f3c1c0982cf588e265f1a2da3f09f29ae60ae8959da33d1970ac418b727e92ea64139f073a73c6ebb687f6c9cf28
-
Filesize
408KB
MD5b6f49417578882a8b7609c9b2570fa95
SHA14de068fb491450c8a6953958eefb49da41dc4426
SHA2569b1b828bf60caf3572855d553d1a8c85cc635c535641cdadd76b2dc183ee65ec
SHA5126dd1bfbf295bb0d0a2bfa54abc2f4ffc36ff723c66373682fbef7b6c92b31689c2efd24f2f0a5fe45b5ec87494f3f1ffff3a364a071a18c3addd8e8c8828a12d