Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
151s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
15/04/2024, 20:45
General
-
Target
2024-04-15_7b0faeb819c6603a689e99255dfc5f59_goldeneye.exe
-
Size
216KB
-
MD5
7b0faeb819c6603a689e99255dfc5f59
-
SHA1
a7df8e6747cebd19e14c4ae115653b1738f96932
-
SHA256
ecb1a0f7b625253d9a0f6f6515650b3766585a377d2eb557366aefb9043d70fd
-
SHA512
3dc3456913154c0d8da337292cd9072d91b053f81eb4985866b77164622690bee73974168a9a4b9d20ee01f74c40407f4d070c3bad08d0336b0f85abac4f5aec
-
SSDEEP
3072:jEGh0orl+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMUy:jEGJlEeKcAEcGy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-15_7b0faeb819c6603a689e99255dfc5f59_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-15_7b0faeb819c6603a689e99255dfc5f59_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E694909A-E2CF-4a48-8906-CA930D619A2F}.exeC:\Windows\{E694909A-E2CF-4a48-8906-CA930D619A2F}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3016A23C-9117-4690-99FB-CCA84FA0BE88}.exeC:\Windows\{3016A23C-9117-4690-99FB-CCA84FA0BE88}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7443C1F4-4FB3-481b-9C5A-7712252DDB7C}.exeC:\Windows\{7443C1F4-4FB3-481b-9C5A-7712252DDB7C}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C51C710B-E549-438c-9704-9D68FC3865C7}.exeC:\Windows\{C51C710B-E549-438c-9704-9D68FC3865C7}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AC48C794-98AE-4beb-AFBC-B58DB68C9360}.exeC:\Windows\{AC48C794-98AE-4beb-AFBC-B58DB68C9360}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D3E49B9D-2E92-4e73-9BA9-8C6263EE5C33}.exeC:\Windows\{D3E49B9D-2E92-4e73-9BA9-8C6263EE5C33}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{47D77050-87C9-40b7-9233-6BBF15314283}.exeC:\Windows\{47D77050-87C9-40b7-9233-6BBF15314283}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AA3645E5-DB6E-4c0e-ACC4-F8C2EBFA67CF}.exeC:\Windows\{AA3645E5-DB6E-4c0e-ACC4-F8C2EBFA67CF}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B3AC2612-5F53-4cce-8DB1-8EF377AF1A4F}.exeC:\Windows\{B3AC2612-5F53-4cce-8DB1-8EF377AF1A4F}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{66427B85-F0B3-40e2-9045-5DBE233D7E87}.exeC:\Windows\{66427B85-F0B3-40e2-9045-5DBE233D7E87}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{17AEEC9C-6AB6-4b59-B89D-6EA9BCDC9426}.exeC:\Windows\{17AEEC9C-6AB6-4b59-B89D-6EA9BCDC9426}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{1D5BD0B8-7C8A-4a2e-B4CC-774B52985726}.exeC:\Windows\{1D5BD0B8-7C8A-4a2e-B4CC-774B52985726}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{17AEE~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{66427~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B3AC2~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AA364~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{47D77~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D3E49~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AC48C~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C51C7~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7443C~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3016A~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E6949~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3936 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
MD52a0dbb14b3cbfcd28671ceaba0b6fde4
SHA1692f36c0eaef5f9a4912f2de1dd3d5792cf3157e
SHA256279f721589500b0f5a407e8d5b0a34ae5063b75e3f609472e3d867e93d910fd2
SHA51200627c88e5978efd621299caa963139eaf789d9c2127a1a3163b705a6591a551ec3430584035bfec3ab294bfa48223925f986e0c9414d1431ebbeecfcdce4488
-
Filesize
216KB
MD5de25d153f0afa6c759cd1cc4a531ae26
SHA1b5810ad541eea43b3944809547fef9f6ec57986f
SHA2568278f0724cb5fd88c1791466e871f784bb82da4b57a4b2cb5a1e396dc9b24edc
SHA5120fe6bae3fd0dd995f14b8333269584d2209bd54eedbdb9e22837b8ea66c2e19e157da7e5fab16f473ae94a55cf7f33368574b66d3201197dc53c16009e814b31
-
Filesize
216KB
MD5d32795fff3425c54a89d02faca45be4f
SHA1079c178e855525626f947a2e3cb80c237da5c724
SHA2567b4dd0b5e05730ca275a314719fcb47e825a0f7162f20f89a05a55184135fb27
SHA5123cc9583dc5b2a7ea13bcdae8d0cdc45d55cd9b40117c112dcc108a2a9853c19c8d6ae6023ef64993a51036d81a28730df8d7574535a1be371e26fc303ad475ff
-
Filesize
216KB
MD5ebb98d4d72c3710f0f3551299501ef26
SHA1802fda41665c2b960f652523c85b9910615ed208
SHA2561043c33b81c7b279285e5c13d212800d31aa58a0d36aafd9e53d3c21602d63a6
SHA512b88883dc3a9558447bfe4cb8624d4c90a695c86e9c304f4d54a9b88a6ff2598455b6f3b1018079f9b65530bf18077263bf84ddb9008c617e3900c025edff48e3
-
Filesize
216KB
MD5da6b03d292255466bbb13f05d99b57c6
SHA11e2ebb503bff720261f9db73aa167dad52cf7f05
SHA25627375ea2cd5d0ec36dc41dfe2dded2952b74e59b7bc9559d13c259e687f819cb
SHA5121b6271a3844f2d27f48f27a992f7e9b133ef895ac80224858b6ed52e27f70bc3f4bbc4b829fee0f6e7b3f4368914e67492589415257a55b3a37bf98252157434
-
Filesize
216KB
MD5f5540cb823f58f56a0a26dfabec9f4d9
SHA1873be7a97aba250f8b9b22fedef69ef634024d04
SHA256dd3787a418b03c842ab9ed2879085a75e9d978e44beec33ed0751d8d1637107f
SHA512d1d98a7398eff9af73dc890485c14fe267d93d1f40d003a98b5296b5e050a1eade678624235456006c492a3de6b53d1be0b451760f63c5ea5dd6e67d97f86d95
-
Filesize
216KB
MD596f6202358c7af574eb68f56be257877
SHA1667579f37dfaa8b53ebb84cdbbd0633ec9427889
SHA2568a4a6cbda841f9f9ad33f39e3b849098c28f790d12eb2ac0de65a438c860a718
SHA51215450128bec0f94121750c94c247b2ac71d1573cd065a91d841db5d901d36d9dbfa4290c6a8aae6979ea9f277923bb3a222653a9181130fbf54184fda327fddb
-
Filesize
216KB
MD55e9fde28929b71af3fc209f5601d71e6
SHA15b68e43c97196e19016a1a8e14942ca835e566ea
SHA2565284122c3580199156ffb112830d3372a40b236ffe68c73dcad51426d6363284
SHA512c5ebbcaa8c3c8fb83768c482bd8546c73a0b6ebac192ffdbef56e78703b2cf5b8e1c52433b32b378dcff3d1c9708b3a8e6ebd48a79222071bdea1c6425d91329
-
Filesize
216KB
MD5023429262f8dad6a618321a8db568352
SHA1ec2ac7855851d6d9d2e3c64dc44e36e9cd9a4fb7
SHA256409104ffe124ebdb56bfdc536cb5a223123d627f5b4a34893dd58c7a5d1d1789
SHA512176949b6c892977bbc482030f1426c2a1649559069de3e1505d82589c389a0f8ff1c19d5042462e3b3013357c0fc3d199896d6d2bcc90934b1c52b9987d681b5
-
Filesize
216KB
MD53aaa6d2263d1ed4606861189495287cf
SHA113051a91ab2ea61a4e1d0399bee0c0b5d71d9e8a
SHA256874e200dfc01f8bde19c7c6844728393e97764553adcac110b741c482d5d11f3
SHA51208f649c300c3945fad14c7b007610b0e9838512a1b3a8d2d3386cbcfb37c9ff4ec1830ec6760b29df14cc43dbccada698f7a49c1dbde753ac65ab0cdf12fc496
-
Filesize
216KB
MD5e421b12da606a2dc86a469f1bb2582c7
SHA17f69f752cc8378278032169c9ea52342768e1782
SHA2560924eb32c055da805061d71bbcc2915886314e1f6bd741e0304cf8245837fb4a
SHA512cf741500ae3a69c79971ffd84ff7490564b786ab9879999049d95a9baf0df312de1def1b7dd8c7b16e13333a0a373d4a0fa9a42d234bbe2a4146f8b0537af6ca
-
Filesize
216KB
MD54122e193dd2bf36b2d74745989f6ea7a
SHA143a3352f8fdbaa9f5a5b64d5965465eb0a64b915
SHA256abdf8e3441b5a3d9f0b418e4947b6778b9ad97eb6c324366f4cdec3c8624de69
SHA5127eb45ac72ffcfb1270ce9c0828c390ab3a97d5e678a672bcd7e9c3ab9d6730c82cd0bd032b65fee6ad1db62a47ec88ed7cac9c8bc8030b5363479d619fea269c