Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
24/04/2024, 03:54
General
-
Target
2024-04-24_719f150a125ce2af17da832453b3480e_goldeneye.exe
-
Size
204KB
-
MD5
719f150a125ce2af17da832453b3480e
-
SHA1
9410f4ed2dfe274706f8bfdb8991f6c7f14aaadc
-
SHA256
1c0cb1b769ca5c78525c2c1567b93a1af6318d6e967a453d7faeb778b38379e0
-
SHA512
7f52bdccb3cef7b5419ac83b93897d28989e07624e49eb8fa2edeb51e86f557d6aed576a6dbec99eaa05efed7dc766c8d9729843372a1d730ddae2e4e10bac5f
-
SSDEEP
1536:1EGh0oFl15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0oFl1OPOe2MUVg3Ve+rXfMUy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-24_719f150a125ce2af17da832453b3480e_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-24_719f150a125ce2af17da832453b3480e_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4DC4DDD6-E193-4c6e-B004-0067298E6072}.exeC:\Windows\{4DC4DDD6-E193-4c6e-B004-0067298E6072}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C22116CE-4F2B-4599-8DC4-F155D0C9EA0E}.exeC:\Windows\{C22116CE-4F2B-4599-8DC4-F155D0C9EA0E}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E51E5C96-8FC7-4a75-8443-B7A901F4402A}.exeC:\Windows\{E51E5C96-8FC7-4a75-8443-B7A901F4402A}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F95C541C-B3B6-4b6c-9BF8-0FDC8E396624}.exeC:\Windows\{F95C541C-B3B6-4b6c-9BF8-0FDC8E396624}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3CBCAB31-4FFF-48a6-87B7-1565C61EAEA1}.exeC:\Windows\{3CBCAB31-4FFF-48a6-87B7-1565C61EAEA1}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{29D42938-E982-4c0d-B63C-43DE41B46263}.exeC:\Windows\{29D42938-E982-4c0d-B63C-43DE41B46263}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{28AE1BB1-3A78-45ca-BCF0-735308F90170}.exeC:\Windows\{28AE1BB1-3A78-45ca-BCF0-735308F90170}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{62513459-E88B-45ab-B683-FEF1888DC153}.exeC:\Windows\{62513459-E88B-45ab-B683-FEF1888DC153}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BE1856A6-3C43-4a3b-A6E7-9B46BA86EF83}.exeC:\Windows\{BE1856A6-3C43-4a3b-A6E7-9B46BA86EF83}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{338EB420-1680-4a14-B7D8-8E405D22B737}.exeC:\Windows\{338EB420-1680-4a14-B7D8-8E405D22B737}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F79FDCC0-BBDA-4ed4-ADCF-F2A238999090}.exeC:\Windows\{F79FDCC0-BBDA-4ed4-ADCF-F2A238999090}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{466498D0-E630-4cfb-8ED6-FA4CFF25048D}.exeC:\Windows\{466498D0-E630-4cfb-8ED6-FA4CFF25048D}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F79FD~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{338EB~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BE185~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{62513~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{28AE1~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{29D42~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3CBCA~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F95C5~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E51E5~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C2211~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4DC4D~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
204KB
MD559c17ddfd6ee86f347eccefcad8373e8
SHA1f41061e18290ae2545d8bbb8f4bbaf452acb9c76
SHA25603dfdfaf6f18230919d817e2041440546b0f8792837158363e51d3b90ce458fa
SHA5126ed5a0b435477192189634a9cc5f86cf8d15d06e16c9d9db6243de80d22426ae457368eecd1aea7f55d0e7eea1c99940f08dfb11d78fc9f3269d5382f77b2996
-
Filesize
204KB
MD5b483f60d787a437fc30fef154c4bfc8c
SHA1f74c8f19a1f014a05f68505ffef2e38f9019db68
SHA256d176b9c6717e3023928043135866267421bdc4653b8fc0c6f4bc6165c821595a
SHA51295ee783eed007796ea3e9fa1e18752b023cf5794742206e199fdab26f44de99f1784c34e9d879e9368d3ab2d546ea144cbcbe1d1c14984b46bb3a78b2fc1f1b7
-
Filesize
204KB
MD5c98ecd858d89d8b1ea14b0bfcb5070b0
SHA1bba44e56c98212fc83f711a25c423469d1542baf
SHA256097763b3fde3b0eb46f961a6a3fa4647328ea830cf64774ae4b1e23980d76821
SHA51248370e977948e3d4d02db379988d9689243ea64f1db9e7a34f5f5545fcf6a9e5620719b10f3fc5d81e94291ec0b82fcd77709516dd8d10d44fa79d2e0f88b5d0
-
Filesize
204KB
MD5eade188807505791b376b6e82ee87efd
SHA1fa0c2a35e7c35ee4db3f6327c6edf2e7c1ddfefb
SHA256cfa5ddde85f3860b7ba9cc4cca6b268f7321edc74a30aaf8af81e1fa0fc300e5
SHA51278a785034e9ea204211180f1d228b9381719653f4572b8d0b9a2b7e0f2e62996dc0d2b8e546629b16d442b2b5934baff3fea9c14ecc010fbdc67e5a121a83d5a
-
Filesize
204KB
MD5711db4134dfd1ee466e45233254e7176
SHA1ee14b5777b4b83eddbc4ed0d960d2cab6551250a
SHA256c0a537ed64a086b4665cf849d29f3c1cd958aae172232837c4c0ef5791e7e778
SHA5128d501bef30c9c78e088641874c5ffd11ea58be9e4f0cea704b25cb38aed8c99b838152bc0bf5cd790cde35c541ce2f5cb8786e54eb3b607181ebec64399c2658
-
Filesize
204KB
MD59c62525e526abb01602c7da3e8ff2c51
SHA1115c5492f23d5f0eb554727ffec1cfcd1da9f21c
SHA2564fc3e933af517e9095cb2a3088142e3497e1c92900e94e271d5fe668c9138198
SHA5128511d4f7931347e1dd4c8d398e162eb8dcb6c35044f3d0e9782e29e1461e7f6fba61b2078e5c0bc05ca02342d33a8b9a03a36a6c47bfe29579a1ddadaf8f5785
-
Filesize
204KB
MD5dca036892967ce7b4d5da1816118998e
SHA13dabb25b690bd03b07d26cd8a94718ccbbc818a9
SHA256e5ca746172070d85764ca061a2538abeed3e114861caaf50aa7b91500e305869
SHA51210e2a8c70d3c23ce391f5be2fda2704b24ec5323c346b57a1ab0a86ab81c895aafce558162de121b6ab04af990146b03e8e97e61bc23b6adb737604bcf5844d5
-
Filesize
204KB
MD5d5fbbdffcd6c152c879fcbe295f08a41
SHA1fc6e9ca15082a4610c6c93e8a8eeb1952ae9daeb
SHA256d20fd626ffae112b7004840e002f844ac2e2bbe3d7c1ea0b205720056c87ee0e
SHA5126c2e6c495e9c6e9856b54f249cbec31cafc84841a7cebade138fd8cec06d5c1bb22422b2d7287a53a73045f200a02246235bfc9fa3ce6710c9785c3031734dc7
-
Filesize
204KB
MD52fa029f57169ea55d2a77e0e4b1d4b3f
SHA198a6915bafefca38e18cb4671a0e6c3d11b6c934
SHA256665502a92a07217e782248a9d658de31fca3ae6272d7e60a665e7dd9e7ce0e18
SHA5128783cf1cfd58e4d4c91674c7aa141278aacec5bd6a6085993bb5c0be54a1a237395ae54f864964305d91e71b42da84384686560a0116a9df7fcd77879c170d19
-
Filesize
204KB
MD573afee3aa539933c92e98d3d630afbb7
SHA17b064d02fd5fc7557f524737dd5b65a76cae2c95
SHA2560421c2a3ded9ab491447a4eb53914e07c50969d8deb515b952a3fe51aa6b9b85
SHA51270adb971a8003d422b383d7760d08e2c3d003399e746fde30ec334374853f0331e328a9a521928a03ba3f581fd41f687e2d975822afb26ec25cf854b896f2b91
-
Filesize
204KB
MD5e904a60251655a70ff4a525c53e77e3b
SHA15c30fdcf62386ec432850f599ec9878ead6636e1
SHA2568e58dad6ee5d1865f461ba4e6609f55d06d268616a5f4009decf8d98e3a7a1ab
SHA512f604ac8667d42e7b4a690b75c50dbf64ad4026f11638a40285da22d561abeb2b0c5404d909ab4bd7ed4b306ba4003f599e983d9d06e7cc8c16c2debf4d89aa49
-
Filesize
204KB
MD573d24eb264615db392861ba29b4b0b8d
SHA1d61a35c82e8b0c07d35918b5261abe61616abe25
SHA25681986d30593fd7a636e3f03ad63b62cd1b58767067ec1b3f9f6f7bc371897590
SHA51241010fae37f94305d426cf8c91df2d7a0cc70d72eefb2ffc2ad6ee653c1444921b55bb65818412b20ae3b6b2796f736df703bfe9ee66a701df3663ed6fb4ef1d