Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
22/04/2024, 01:51
General
-
Target
2024-04-22_56102798356784bd395cfec9fec86a57_goldeneye.exe
-
Size
168KB
-
MD5
56102798356784bd395cfec9fec86a57
-
SHA1
ad67dd0f6520b3a746f69735f95063c1269aa355
-
SHA256
66ecce6430c8fd9f7508764e7cf0a563dd90f16196b87d0b82c58d8437d2154c
-
SHA512
23d6f559e8b86dcf4bf08bb3d36cbc77cc253c3a10e420dfd37743fbcc84e20d007df1be30ed8980bf8b2ed31962a6f1431e79cd0e6cc3fc929e6b7c14fada52
-
SSDEEP
1536:1EGh0oglq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0oglqOPOe2MUVg3Ve+rX
Malware Config
Signatures
-
Auto-generated rule 11 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 11 IoCs
-
Drops file in Windows directory 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-22_56102798356784bd395cfec9fec86a57_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-22_56102798356784bd395cfec9fec86a57_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0D3FFD1F-65DC-4b69-A70C-04E1B0EAAF80}.exeC:\Windows\{0D3FFD1F-65DC-4b69-A70C-04E1B0EAAF80}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{90A6F864-0CE6-4798-912B-56DBE0795604}.exeC:\Windows\{90A6F864-0CE6-4798-912B-56DBE0795604}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8A092117-B468-463b-BA02-03A6D62A0AEF}.exeC:\Windows\{8A092117-B468-463b-BA02-03A6D62A0AEF}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DAEDEF42-3C75-4064-BA0F-D6C286D17D83}.exeC:\Windows\{DAEDEF42-3C75-4064-BA0F-D6C286D17D83}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BBAD039E-9369-427c-B92F-0E76EBB7C328}.exeC:\Windows\{BBAD039E-9369-427c-B92F-0E76EBB7C328}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
-
C:\Windows\{4967CD56-1478-4c20-8A1B-90EC72F91E1C}.exeC:\Windows\{4967CD56-1478-4c20-8A1B-90EC72F91E1C}.exe7⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A7143EEA-2752-41b7-8146-7AA913731122}.exeC:\Windows\{A7143EEA-2752-41b7-8146-7AA913731122}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{33547DFD-8284-4087-8D69-8424754E1B0F}.exeC:\Windows\{33547DFD-8284-4087-8D69-8424754E1B0F}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DCF22384-C1D0-4283-8ADA-C178A756A72A}.exeC:\Windows\{DCF22384-C1D0-4283-8ADA-C178A756A72A}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EFF56C79-667B-4163-8816-2C48AC65A0BC}.exeC:\Windows\{EFF56C79-667B-4163-8816-2C48AC65A0BC}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BE5F216C-C9E7-43c6-A646-CAB388ACEE73}.exeC:\Windows\{BE5F216C-C9E7-43c6-A646-CAB388ACEE73}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A0380099-AF87-46e2-8EB2-C6505B8927FB}.exeC:\Windows\{A0380099-AF87-46e2-8EB2-C6505B8927FB}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BE5F2~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EFF56~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DCF22~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{33547~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A7143~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4967C~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BBAD0~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DAEDE~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8A092~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{90A6F~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0D3FF~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
168KB
MD5725815f9b9ee80533b3a781095826aba
SHA196b14f03f6072291b16f244f80a109f195e9d053
SHA2568c5eba5a58ac05bd92d71e193f64a28652c12cf8fdcdf8d3e4da681c7a72fc02
SHA512414e0b3e730f9ede40992dc93d1a5b5d60936e44e9356cde2ea96a0a2368e1cd42eb60b2e19f307b0e999f587d677f246501b190872e27083207c18a1090a82c
-
Filesize
168KB
MD5d48219e59d30cbdb1150d369e9468e0d
SHA12915ceb8cb0b15970a76802325ee57f613e1c00a
SHA2566adc155bf72c0985af7aa0a4ac3d33e23c89aaa187235d353ca8a64a4a3c976a
SHA512147914f58c43288d390329b95a59091f7b5f9301040d0d74b3342181980763204432672088192125820edec18b32a41b9dab90da2226f83edd11496e53b4c294
-
Filesize
168KB
MD5451dbe3985ce9ede813a402952a152e9
SHA1d80f27e1e4d0c52edf4d0cf290af9f726ed9416c
SHA25620effa8bcd154eb1673328a3fc56da457c019ef74105eeb346af73c9c74279d9
SHA512936f149bad4db3f9a5b346312d44cfdcba7dca0f890fd55f9fb1804fd1262bfa69fe63bfc7ced0ea2debf15c3173a08af20485029a8d5dec69af7943564eb3f6
-
Filesize
168KB
MD560f7b1c7fce3fa2128c5302a3edd8b59
SHA127005e14146e6e485e4d2611f6ab9e90e0f1f6d0
SHA256ba636e05a1ca78cbc44cafdef48ac2126d4aad0ca96fe60c285d93d397426484
SHA5129941235ea0c6b3428fc0617ef20f543294fff8a279a7d8ef2d75cf6c4c7bcf5d0e400b7f46cc50d3c3f4d79e27b53e7ea56b389c94da21d8c02a622b83f25225
-
Filesize
168KB
MD52b0524547db1de039eed54d85358a2f0
SHA1f0c7e5522e52c91a7fd1f1b949147fc408114908
SHA256da36619f0fa719ae0575bd54d9fc70937d253e599eb5649d646e4c478bc8fa21
SHA51249ab65915feb2b4ceb804cada80f6c70f8aa79baba4ab23f5593d94fe856c3477669f4cf2d22348291fccaf196976c582abeb7ddcc884529e4a32b108585a5bc
-
Filesize
168KB
MD59abb72d97da8fc4e3c7b1d92548076ba
SHA1a28868b82230fe3efd514be07cafa8adfdc7d0ab
SHA25626542f9c254748a0bce2c8d2e51edff9bace62bc86632102357840e8c94edcbb
SHA512439d275ed6161cc16afd8bdae3d165538c6f4b59b089c687df041bcab0c513e0aa40c1917f648a8e9c2e4895841bc87a14fbb95e67f9087d3f49fa53a94032a0
-
Filesize
168KB
MD5a2c5f9426f75b6f9e380b4fe7d65e67d
SHA1d09901a14b6a5aa6e0798de007df945d46fab851
SHA256659d7b378b1fbe7788cc57056917c61ece69baeaf763b564af60a97165a0ae02
SHA51240a383407726f96f5272e0a0e7c90950859b66d5e1741c57b0aa850ebeb1b38c279e8517e8bf339ef3537ef0a32a664c31916f1491964e093cbe2867842bd33b
-
Filesize
168KB
MD5811ecf6cc9a3ad1bc41ea5dea5f90971
SHA1941e93eadebcdeea4523868a57cdb676d2408e66
SHA2568a3e16d2e7065258b53d093b9b8daf7e0137fa706b9858b3c36f131acddcbbf2
SHA51254a02057b867371c49343a73a3e175fdf019539a864e73669e5a025aba34a6d4fbd13ee4575e8a22c07b985604f61483344aa4893b9a55e0732e386e5f80a604
-
Filesize
168KB
MD51deb0681b7ecab2f378970a6fbe4273e
SHA144380f2c0afbe83ca69b8ab278e4b7070ae02e29
SHA2561ba11b1d9570f8b43ef8fe353d287950f233ab75a5d18024e5594067796bc85a
SHA512171afbb3602bea584d9cff268cd4b6b9487b33f3a1cf2a7de1705faeabd889c384fcff0c1c74e92159080ce4dce04e87692d4b8462acfa736bbb3f42a5cf81a3
-
Filesize
168KB
MD5d409484321de573a9a8487ba943f440e
SHA10f3771ed5a2b7687ba082aa5492df0a9535ad4ac
SHA2561634f6ef98641cc7f25d951be83c86c75fc53a738ec42e4e94da6d245016144a
SHA512f63857e839c0617a8867bf03383f4ea58dffdbe322638ea6a2790238602facc138ffc763722b810ebc1c65630bba6e5822134e578bec998d22dc235837ede9e8
-
Filesize
168KB
MD537bd3a607e83e30458558bf54cfa9c61
SHA1dc75fad38466e9852abb18dc8fd92e43093f1391
SHA2563fa2ee4b7ab36935b3b18affa3b020a8e45a9b83f5b44b8fd4b134cd4f85e050
SHA512a115ed1935af2ec31174b6539399741305ca47cb8e07dabf815823abb9568a535d9d84779a0ad071da742d3eeaa3bfa9b2e1ffca89099a7c8d0e8b86482b9661