Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
10/04/2024, 11:35
General
-
Target
2024-04-10_6229cb26bbd088e6796c364e03b807c6_goldeneye.exe
-
Size
216KB
-
MD5
6229cb26bbd088e6796c364e03b807c6
-
SHA1
5d31372d2439df50ddf15b9a9d1c7f6e9d7674f0
-
SHA256
ae76db1319fe94de8c4ede1c4f671c7be99a7f65a114ae2515b853d19a7db8cb
-
SHA512
69ddfba2f087e58f2c733a6635889025677f27c98293a5b6f9bf82fcdac1251f34a0dc96717e159cb1492722f5fe471951b10fd4c7fd009ba7c1cd75255d0cf1
-
SSDEEP
3072:jEGh0okl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGSlEeKcAEcGy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-10_6229cb26bbd088e6796c364e03b807c6_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-10_6229cb26bbd088e6796c364e03b807c6_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9D4CCDBE-62E1-46df-9ED5-D8C3EB0FFE9D}.exeC:\Windows\{9D4CCDBE-62E1-46df-9ED5-D8C3EB0FFE9D}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{444CBCFE-4E25-4e13-822A-EC3BD43BB52E}.exeC:\Windows\{444CBCFE-4E25-4e13-822A-EC3BD43BB52E}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{90C2FD2B-8774-4478-93F8-E43E8CC6B6A8}.exeC:\Windows\{90C2FD2B-8774-4478-93F8-E43E8CC6B6A8}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BCA49CBD-BCA1-4f1a-9D95-2F07A3B125BC}.exeC:\Windows\{BCA49CBD-BCA1-4f1a-9D95-2F07A3B125BC}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B295CFF5-62E5-497c-B133-5C52687766DA}.exeC:\Windows\{B295CFF5-62E5-497c-B133-5C52687766DA}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9B0A4253-EAFF-45a7-97B8-2B2A693E3910}.exeC:\Windows\{9B0A4253-EAFF-45a7-97B8-2B2A693E3910}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4C5D0C1C-8DC2-4a30-AE2D-FA3578A499D0}.exeC:\Windows\{4C5D0C1C-8DC2-4a30-AE2D-FA3578A499D0}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{922E49C2-8071-45c7-B34B-68B8BD976488}.exeC:\Windows\{922E49C2-8071-45c7-B34B-68B8BD976488}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3B085696-9538-4ac5-8ECA-3960DDAE9ACB}.exeC:\Windows\{3B085696-9538-4ac5-8ECA-3960DDAE9ACB}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{05185F87-1B1B-4d15-941E-1DBE8E342BE1}.exeC:\Windows\{05185F87-1B1B-4d15-941E-1DBE8E342BE1}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D4051ECC-96CD-400d-B9C1-0F5B90485738}.exeC:\Windows\{D4051ECC-96CD-400d-B9C1-0F5B90485738}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{11C2A6BB-A5F3-4040-9604-0EB5FDE1F95A}.exeC:\Windows\{11C2A6BB-A5F3-4040-9604-0EB5FDE1F95A}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D4051~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{05185~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3B085~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{922E4~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4C5D0~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9B0A4~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B295C~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BCA49~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{90C2F~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{444CB~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9D4CC~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1324 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD567d255615c70a824f6935cf38323c947
SHA1f20269dee4d5cf125ae27b7db6e5c2de2cc5836d
SHA2566a2286cf30d409715e79967c8622d24061cf8f03f87f6ced685bc74494607d60
SHA5123be4e657f1ea20b9e03f71b64a2089852ded6e5d8535f973829da96ade5c8ef465183869d680028936d9052ec9748380ddd35a555a5d749aaef1f014117f517c
-
Filesize
216KB
MD52e071b4c40346c6d2721216ea6bb9d3c
SHA17d8533179c950d2692fb8b009bff559dd4b3e8f1
SHA25633d6299ac664a8e386591cfb6045c6e0dd014c56215b8b097a192867b347abea
SHA512e0b446d2a1de258e4a275e88dbb0d1232a25a83a6ed2f446c35ee69cb3b97937ccdc12e4c6a5ab2c36146b139f6192e011e7ea3f8b31128a882abc5b723d64c5
-
Filesize
216KB
MD54ce35dda2707cb2fa680fba90532a69f
SHA1a1d60d904e3b9bfbb5f74d2a419244b8f54ef784
SHA256f699d273e308db0be4ade65fdeddef8a2010407ad2918a64e118802c1c295a81
SHA5123919cdfce79585bc2340f972a561a280f72a5e5bf5496fed8743a95d00edadd1613698a7b484b9a385c7a91c06cd169cbdba432a0c7a419d52be6d294a783825
-
Filesize
216KB
MD574202e2bdb8e42e39a1bed5e6b4e379b
SHA17efb4f69ae8c1607eb27a8f07f19aa1663e4a1a0
SHA2565f9e4df13fc76b53f48a3a487047e2c1601ff93a8c0a84a73a31ba7dd9725a81
SHA512001558b7b235eca5dc504357a3fc5ec7cca1db01f70bde7abb415c51c088b9f2fe8abbf8c7a12af19aebbb363395af5c0bb40b604ac889b8c569f8bcb08cda92
-
Filesize
216KB
MD55c90a3fa876e06fed3c121dd2a6067e4
SHA1a8b00400c172348363cffff8afde8d01058e7c94
SHA256e2a8a976a008b04c2033d00beb0a2013ae7aead49331c8e0b9c05583cfb39876
SHA512065c27ae067a1e0e00cd8b1a95f0d97514c5b06c70cb93eec909bd71fd1c45b71f5b69e1b2b06f45c879ebe7e999b09cc35b892b833edbe60e0bd5db3b041bec
-
Filesize
216KB
MD54e42c0fa0216ab247a0a1f5cb7c44e86
SHA107364c45d328f14a4985efe5438223448774e38c
SHA256ec09bb59556d06d3ab57dd8aad2d3655dfcad06a961fda28ba526280de2661fe
SHA5124a9fc6aae4ec70d5479f779970e9d266bbf67f7531f30eed087e8c06e53c1804f4ed1d8d071593e9f20165e483c1e82a6e4b46d7ec8564530a437d2aaa8b05ee
-
Filesize
216KB
MD5290a57a0be532efcb14030a57a5c21ba
SHA1e1fb8c180a5da3b11de6f3d3bb228efffbd71f1b
SHA256c24eb57beae1edc1c3d2701ab35c78cb2cbdde8007c18f2eaf7e33a106b51f42
SHA5121d09f35ca7a9db464f4c25f8194645f482ae5669df6e8079ed352d6a17c93d751c909c97935398f80c41eb6b5a12209653d758082f6055ec437fcc7dc55bea6e
-
Filesize
216KB
MD589dd83d8aa5e3163b874347fbf8eed69
SHA11906d2aba5453cac39c3af7ad7639d6978802d39
SHA256544fff3fd3efe9fffdfb7374dae17c350834b89dd41e0668705df781a7b735f2
SHA512c470c99554e7d9903331ef90a8134fc0bfcf3ed9b36067e830ed0269bd0d6d7185f0165e920116e703a5c7d3378b61faa37f79c082d217fd17b29d3cc0521961
-
Filesize
216KB
MD587efcce58d3ccf9c849e34133bd7f8eb
SHA111c24c9db922d87db8f1b5e0c74a6895e0fe8826
SHA256b73860d85d5f74ed4e9f8cbdc0baea75b89475d5e7491b10a9f104ebbb31d49c
SHA5126faf5c0a02c17092106b0276a6eec4a7834c30f4b81bea36b6424da35ec80b500d9752cd49d8c179edabc2e8096c339af7c0f89d0df98d71f0824071b41e20db
-
Filesize
216KB
MD57995cf0fe71a72fe1736cdd5539525c6
SHA1f4856ae664f4d8afde4912c979cbf63ff21ce22c
SHA2560f6e5d01fbe709c2f137e4936a7dfe5ad6e1141d73c347184e7d00c14942221d
SHA512cd179f0967e6806adce57a94fefbb10b982916faf64654c449b55e0e025ac31af9860cc665bc7c70e00c68911acd58a2cfba7fc6bead67956395b88f4fdf0045
-
Filesize
216KB
MD590c633a421e2155a8ee8c62e6d5a233e
SHA18e6c1b10c31424de361d6571dfea6e607a86fe25
SHA256b97cdd82a0cc2c1c6392ba6a3142797c595243431cc0f46a8f6ac9471e2034e2
SHA512d052bddd1ed78d8d640338999796a1bff032cd9b263b7313a5380a86be43066059452192c7bfd720cede931758bd09031596887e62805bcb6cc48856d883c337
-
Filesize
216KB
MD52e8d7af1bb467d3a01b83c970f90a1a4
SHA190f8001a8796a5c3d633de9542958270b2773e41
SHA256334768597db264994adbac29c6e18334caefec7b0b92fb6a898451fc62c82502
SHA51269c2140886ddc78f959c89f09ed5f1af7ee868bb9f4e7155245ab9415259cf4067ff5994aded04747952da82a3749db6f7549e13df70f033fada3af30f84e911