Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
141s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
19/04/2024, 16:33
General
-
Target
2024-04-19_3ae37bd162dbd1b501ca06f4e1f99758_goldeneye.exe
-
Size
180KB
-
MD5
3ae37bd162dbd1b501ca06f4e1f99758
-
SHA1
1eb1936075054fada59f3246b6d4bdbf23a45202
-
SHA256
20208fcef0d9c56123af475831eb320ebf099d74b526b8c550378108c70dcd7e
-
SHA512
e3fbb048dfcb05f4e7c8a8f85b9bfae155e596377c38f2a866b502171e0714d34298778e41c8895178b7256128f9e90699232ab73d1fcf730ea50446b92df0e2
-
SSDEEP
3072:jEGh0oFlfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGPl5eKcAEc
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-19_3ae37bd162dbd1b501ca06f4e1f99758_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-19_3ae37bd162dbd1b501ca06f4e1f99758_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{61336023-4338-4280-8925-4DFD5078BA00}.exeC:\Windows\{61336023-4338-4280-8925-4DFD5078BA00}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CB6C7C71-1E6E-4fa0-9A1B-2F712B06454E}.exeC:\Windows\{CB6C7C71-1E6E-4fa0-9A1B-2F712B06454E}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9B665097-2FE8-45d4-8B6B-0B8CE9F00BD0}.exeC:\Windows\{9B665097-2FE8-45d4-8B6B-0B8CE9F00BD0}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{33A4B048-298C-414c-9D02-1DC3AA650D9F}.exeC:\Windows\{33A4B048-298C-414c-9D02-1DC3AA650D9F}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3F724728-77B7-435c-AD54-0B1EC32479F1}.exeC:\Windows\{3F724728-77B7-435c-AD54-0B1EC32479F1}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{69B33664-400C-484a-99EE-DE323796CFAC}.exeC:\Windows\{69B33664-400C-484a-99EE-DE323796CFAC}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{5EB53EEE-3FB6-4ed0-9805-D281A68D2C03}.exeC:\Windows\{5EB53EEE-3FB6-4ed0-9805-D281A68D2C03}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2D66207C-5F7C-460b-9F81-45C9A782B1C2}.exeC:\Windows\{2D66207C-5F7C-460b-9F81-45C9A782B1C2}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E60F0570-75EB-47d2-9A81-846EF79DAFE7}.exeC:\Windows\{E60F0570-75EB-47d2-9A81-846EF79DAFE7}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{37262FA6-9D0C-4ab1-8EFB-8ABB9E85D9FA}.exeC:\Windows\{37262FA6-9D0C-4ab1-8EFB-8ABB9E85D9FA}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1CB5FC86-2336-4bfd-8759-FE982324D145}.exeC:\Windows\{1CB5FC86-2336-4bfd-8759-FE982324D145}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{A972F111-3E24-4429-B73F-5011D0A6B931}.exeC:\Windows\{A972F111-3E24-4429-B73F-5011D0A6B931}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1CB5F~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{37262~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E60F0~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2D662~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{5EB53~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{69B33~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3F724~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{33A4B~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9B665~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CB6C7~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{61336~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD533170f0e43d089d39f85eda02f331c3c
SHA1fe34332bf402ce44f2ff343bcb84e28f7a88b07e
SHA256afb61c369d7baf65f056f119eba1fba3bc3d26555a7b4126ed6e44dac05ef933
SHA512aba6e458b7c8efef435f3e8892a8eb0c0bf8eb2cb0c5a28bbe841887153805521a37c26ab4620fff461582ecdb52bddf5fc072cfe8636242b31331bf147ae57f
-
Filesize
180KB
MD5485edcdfb222f100862542eed57984b1
SHA1f12ff34fd654817549bed6ee0cd9698b7b34b3ac
SHA256d8ccb59130ad60c8616433bba158c84832ac6941c1805ba297f682805bf21089
SHA512d125251036ee69206afa757b2e935c663799052721fddea14b5791548c8e342605408df6372a336807679ff1fa059eeddebe7f4e51dba4114e1782231bea2295
-
Filesize
180KB
MD576ed409938a463b52a3588344426158a
SHA19f6c059b43390acfba15d297c7bedae706fd68ef
SHA256fa850840eb5c4bb4099df87b33c242e112e95e0a1ad62634416f63f472b8107e
SHA5129121a418c1db0e31d40b3333404cfbde7024e51ea1a3ed70bd07267988950d7404f03d44bfa022ab1559f1b5ad090ce30eccc8c534daf1215d3c1bd6756c6ba5
-
Filesize
180KB
MD5335dd0bb9e514216bf9c9e7915ecebe6
SHA1d809c84dddd82fc4d3d9baf08da3f7a8c314f4f0
SHA25630efc6e868286a948b726a51846a9b03ff9e6896071e905992e8ebe72942492c
SHA512655273c49c29b3e48505b77dc924b2108d5f04987f475136594bb76f0c27e35c7252a17bfe1e7c659f899a9a3910f707de482f1b2677cb5c9f427bffaf102d51
-
Filesize
180KB
MD54a961b4d141bcc58960f4a9080febde7
SHA1306b050cfca62902cd3c7bcde60cc841ce1253e4
SHA25656d0c4be4c69bec059e48af87e300d21d88f616fe244276d8154efbc53b4310d
SHA5123eaee2bece0903679d465861a00383db6bcf096ea151ca3e85efa6f66999bb5ee1c7e1b66ae0c703882b4170f8627ec2143be7fe9b3a23a9e5696ed6c6dd5728
-
Filesize
180KB
MD5dea49d5a25158f55be6d570f58209dba
SHA19b0150cb7ddd8d8ad400f9fed649520f6355cecf
SHA256f82b96255b9128fe0d3fb64c2de6014282c7887fddac2a3b9e1f5d4a9fe366a9
SHA5128c6fb2f91286408146cbd9595264a032237d15b2e638290072bc705e1950b03e36f59c5c5d7f6db9d4634cfd280430e10f2a02d8f1f2e17c5b943d64ce98b7ba
-
Filesize
180KB
MD55843e3bdde8d37422a314703389e01f9
SHA11e09caadf1d4c5a4dfc7989ae9b33cd8a1d8ac02
SHA256f6858fa486decec1311b07d96c21524c050376d7abd2dcd1d1e7ab645aa7ff20
SHA512ff5f6b01ed8eccc2ac0ad31acc3b4544955f35c6c91f54b3ff6b693bbeb5ac55cdf186e803fe70568bd447f4d78a25630d300adc5812681ff378145f40263b61
-
Filesize
180KB
MD590a0827a4d6fc9ba7d43a72b1eb1e919
SHA1ef1faa190ed2a1799eb90e3eb9ed07e6c93e82a3
SHA256b7e879b88f420836fd0f7972689fff2e68c65749e7509108b7f59c8fc1777c1e
SHA5127e0f190c0212e02ea352061ceb49cd51c51263a16f838c8c73d7b78a090369ee6d4108790b12019274b60a828f5845c3533271a2d65274aad352f5ac9e57b8eb
-
Filesize
180KB
MD577a0f05b5a5dc7108934ba3d4a4a4d80
SHA17608573db87788cedd6e4acce399bf22ae501fc7
SHA256d4e0256412981c855f07c9e688cc1e492ee79beca7eb3ea554b3bf3c25f40381
SHA512d6747f3d1de13ae7749bbc347c84d17e8c115df7163913db78485e1d3e1bbcbf1f2a5f2ed4ba7c376bb2468e2b1ed7e91bd878a9267dae2dfaca257606e2b1ca
-
Filesize
180KB
MD55dd4004f0685f6556ce3d2f9260b5f7c
SHA1f37ddf9f4328ad049690c568c1b694d93081a8e1
SHA25666e0198b5a3cc5217eb079ec741a93813cfa39009b1b00f9c10332c988e6fbb9
SHA5128416818e3cddedbbf05016d29e0153bafb84a0216b3d94f28d7d871c7429f0caace208bd2b29a166ee7e8a6ec8110c64f7edb74d38b9f5054345640d6687b8ea
-
Filesize
180KB
MD5d409e0847fedc7de57fb81a4bb391ee6
SHA18d4afcde5be6bddbab4e233d2f2d70f1a88b077f
SHA2567c509e5335811d47a1113e1a051a1602ef219b6a544d702c1aac38197d7609c3
SHA512b0ec62cb1887d0c87fd4e8db151c711268b9ce0f5f437fabe17a5b1399902fda6ad9fee88b3b11802dca6ca274b9c22d77ccf1977d936226f07eea8d773cb279
-
Filesize
180KB
MD5faea0a6f0d7d7c6eb9f64ceac7be8f45
SHA16908aa95a74df113ff04980d51b640da3a856adf
SHA25605b1e56b65ef68ccd010a0d43f2439c94e3e55b43cbb6b36c1b3a1fdaf73b8a8
SHA5129d2c1f6ef47f67296baadeba4119d49371a129b0e7f84271dc34f515be98da0e281670446be6efd01bdd18a5de2a56a16e88058b3ea69257ba071e3981ec847a