Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240319-en -
resource tags
-
submitted
08/04/2024, 19:28
General
-
Target
2024-04-08_af9e0517c70c6cd8a3bbadd478ceb2d0_goldeneye.exe
-
Size
216KB
-
MD5
af9e0517c70c6cd8a3bbadd478ceb2d0
-
SHA1
3f34dfcea92cc8b68eab4233cb98aa3855a024d1
-
SHA256
e1a8ae76a860d0ed762222ed64d6e9f6b3a8d1be52a83b4d448087f6c428c1da
-
SHA512
b99c9c32a3040b691964978d98dd31c7aa51d5cdf510a1bacc4b5a22b6ae7d195c12b110b39548d1324a17c54244fe3058b15ffadfe5527fc2bca4334684e574
-
SSDEEP
3072:jEGh0o5l+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGLlEeKcAEcGy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-08_af9e0517c70c6cd8a3bbadd478ceb2d0_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-08_af9e0517c70c6cd8a3bbadd478ceb2d0_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{85119707-EC19-4481-A0D1-A45773258884}.exeC:\Windows\{85119707-EC19-4481-A0D1-A45773258884}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{23595D03-2C74-41b7-BEA2-6B17FD65C9B4}.exeC:\Windows\{23595D03-2C74-41b7-BEA2-6B17FD65C9B4}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5F15C657-55D9-4cb3-BA76-E2A111703BC0}.exeC:\Windows\{5F15C657-55D9-4cb3-BA76-E2A111703BC0}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{84B6C964-C4E1-4c64-8C58-0046EA10F5DA}.exeC:\Windows\{84B6C964-C4E1-4c64-8C58-0046EA10F5DA}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6F872377-138E-4635-9A4C-E4F25BE5B097}.exeC:\Windows\{6F872377-138E-4635-9A4C-E4F25BE5B097}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A8E0EEF1-57BD-476f-A5D6-079B3F12F385}.exeC:\Windows\{A8E0EEF1-57BD-476f-A5D6-079B3F12F385}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1E7FB6C3-4CCB-4189-9701-CD5FF9D0ED98}.exeC:\Windows\{1E7FB6C3-4CCB-4189-9701-CD5FF9D0ED98}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3D4059AE-79B5-4650-AFFC-2C1AE9631E44}.exeC:\Windows\{3D4059AE-79B5-4650-AFFC-2C1AE9631E44}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EDBA8388-16DB-4f68-8835-F30770307F17}.exeC:\Windows\{EDBA8388-16DB-4f68-8835-F30770307F17}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{21710C6A-335D-4157-AEB1-EC211CAFDE44}.exeC:\Windows\{21710C6A-335D-4157-AEB1-EC211CAFDE44}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6C1EB56A-5C49-41d5-8669-7BDF14AACC0B}.exeC:\Windows\{6C1EB56A-5C49-41d5-8669-7BDF14AACC0B}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{D59951A5-B514-499d-BB7B-4BDCD0D22C12}.exeC:\Windows\{D59951A5-B514-499d-BB7B-4BDCD0D22C12}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6C1EB~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{21710~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EDBA8~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3D405~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1E7FB~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A8E0E~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6F872~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{84B6C~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5F15C~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{23595~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{85119~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1392 --field-trial-handle=2844,i,5640589924128028832,7963280732661142908,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD5696bc864122e2244fd5a109b5ae306cf
SHA130442ef07c44163b62657696adaa5f2ba7b21067
SHA256708866ba0b889be37aa6cad8b9b4fe0da5128c1fcab5ea4924867b7e1b54e1ad
SHA51284ecbf224ea5c7ac0eeaaad81e4687691579ee0bfc999f47a20f8ea875df96b5aed46191c3fd640badc21ac41cd2758707f678c8066cb5c374c2b65ab933a041
-
Filesize
216KB
MD5e72846592f506a4fdc0c0a6d9b5dcabb
SHA1d05ec6df5eff3a50ed35efb68a2c726135ac20bd
SHA256aec5875fb143fd25f6ddfa40bcce66e030837596340c6c58b89a8e12ea1e8fea
SHA512bf64bbfcbbc9e9c317062a8f2e348ec623c1e1fc92c5e6596fc3cbc4c0806eec127b1d2f97888c607393932daadab7d88ae38cb49863bae88dc4b5b5aad958df
-
Filesize
216KB
MD55509f0a49a652ec8efd03426eb300d8e
SHA1cb9ed63ddc4307ddf7e95ea22c5d03ec3f162e0a
SHA2562e54ded42d58d3490170e3872e9898a8ae08418700113ccdf4da7cad3c269b99
SHA512c6901be43529a1eb804425bf38ad08d6c37b974c3ce6403f93fafcc944f53ff224b536f0f49ce263d0549c7d9f306da2210dbae0c299a2e4f68d5dbd94f6d833
-
Filesize
216KB
MD51a91d5cf8757090ea0cc8d94333ee008
SHA14e2fdb62aa840a20c1480211d168aa3b022ddddc
SHA25619666b3952db3f4efbadd05d9b0daf10156d503a71f2292579b328a8c2272097
SHA512e17a2704d4194a0a82f130662c23e541b0debafb3d086abaa7d32915272170825ef3a116342cdd1e36cf118fc1ec0eaebf3312fc8edf4d42151461c2c38c1b8a
-
Filesize
216KB
MD56824590e5f0eb6f14947f352a49a05f2
SHA100cb45633819b66f5b5743081e6974bdf2857303
SHA256de4e074dfd19d0b5d518f640c5897d17a316483e866d43347d64275fab28e641
SHA512d7ecded99ff9074e67dec5413b2d536b9ae59df7bb09226d46e84b6829aa4d3cb7754f40b79b20bd6474c5c58644ff4868da649818a09b2431d243590dc0f8f2
-
Filesize
216KB
MD586e66b3f6f16e7777e2494069b4fdf49
SHA141bd83a5cf884c1bd23b028e64b0663654c265de
SHA2563f0501b5011b880e2a6d023ccb34d445627a3854a7d6d3fc37b57dbb12ab3648
SHA512a3deee56a702871e5a070c82bd5b14784dc74e0be8a68c54070536cdd33083fb397ec247c15deb9a16da6966aca4957f25760cb749d0766633d70d84b35002b4
-
Filesize
216KB
MD53bc5c336deb08e0cff1aa8ee701d3228
SHA1596bee382e6a6b97862390c1732d59652bab640f
SHA2561e4e701f435958b59e10532dd8c7fe0dc512cf5fc699493b03d2911b86512fbe
SHA512c331470ca4afe8722c316e5868d0f852c49f31400ad073a560c10971ce1deb3d23f51eaf6db06b3682306a8f97d626a44cfae87b597886d35d660c9d532edb86
-
Filesize
216KB
MD5e6f01412bbd729fcf77139d42a8df3a8
SHA15630a0e84fa26eee7ef30b717cf85760bbeb0c8f
SHA2561877e34c47dff729a44e339f1c4b8567c9fb701de59d6be103c9d5e6050de522
SHA5127465c3f50a7a8b5e10c416286ea224b1c2c318b358b2dcd24958428928b59ef99b885b99563ba7382940db700f911832e6b06823cd9ff3df9675597038bfe1b4
-
Filesize
216KB
MD5094ec8250f38620fa2fff83fcbfba2a9
SHA15970164576b7c5ec1b2026936300b392be48eefe
SHA256d36cf3b71089948ba556cf5ae8a500f3b443a3ba86306936a171d3ebb59b78c9
SHA512596865532dfe443c58df2b2080ee465e84c80ec1d7f9be43bb0bf00826fa41c1578339db0dca49621849ccf7ffd8a944ddb6494bbd47ef945f3013e1e162d7f8
-
Filesize
216KB
MD501b2bb060abfc0c8e107c83add629c26
SHA18b06f383988b5fcf209621338858d6d8ca7d345b
SHA2560938d38130fa0e2b97ee4dca206f7b4b3a51ebe6e9ebedffe75a04a209f30e5a
SHA51200693b4380ad2d15b95dc58e1eb97dfeeaf859c3787e9edbb8fcd15821940ba20ed388af6562be40434ea14a705e1fef49735f73a323e774f0c328fa2c7fd760
-
Filesize
216KB
MD5a0d58e8035557102f83a09a4647c9cc6
SHA1410d563fc1a5657b838c885f306ad662e20c5403
SHA256b3fc3831291add6d86813793dbdbb71053cd937dbace34e0349a6f5170c6db1e
SHA5128c6edf71d07501d33e55432c51ef477d1385401eededca7c7359b7c6e970ac3c842df28c6f81f55c1e618ee171ac678214e9dd79ba52ec80435ee4eb91b632c0
-
Filesize
216KB
MD55a47f21c89ca16aaae48365ef3762995
SHA14b99c340c6afa32d489389dbd416e4878b874546
SHA256b5a5e14da2af35f74527748df9f46e6c242ffda92a1b4119011db9c01cd4621d
SHA512223f2450d35f2d73cc693d1b97cf22a988072045d7aa1344b779699918b04ceda0f80e8cc02fd45d2160f0edec596b575f48838eaf562d6274b48c79315110fe