Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
31/05/2024, 04:49
General
-
Target
2024-05-31_325ad5cab02211ba043f6a1ec096bc26_goldeneye.exe
-
Size
180KB
-
MD5
325ad5cab02211ba043f6a1ec096bc26
-
SHA1
50d54c83f2a838652bef7e12981a8576527d2113
-
SHA256
c7f7a7ddc0c84f60366206b41c11ec34c73094fc8718a3c358dadec33ba5a837
-
SHA512
e08b85acb7fcf1845d5b2194db1591c3ebf1c98fad8c174fa7e86807407a382dc8a876fe990eff7e35d762e6e69ab71d1c5604d0402934339a2678fddc816ab1
-
SSDEEP
3072:jEGh0oPlfOso7ie+rcC4F0fJGRIS8Rfd7eQEcGcr:jEGVl5eKcAEc
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-05-31_325ad5cab02211ba043f6a1ec096bc26_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-05-31_325ad5cab02211ba043f6a1ec096bc26_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D4AF0C60-CF29-449e-BD86-22D968EFDDCC}.exeC:\Windows\{D4AF0C60-CF29-449e-BD86-22D968EFDDCC}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B2F071F2-B353-4cb0-8036-9CF52260162D}.exeC:\Windows\{B2F071F2-B353-4cb0-8036-9CF52260162D}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{470228ED-C373-4a6e-92A5-DDB5D1F20CE7}.exeC:\Windows\{470228ED-C373-4a6e-92A5-DDB5D1F20CE7}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{94A2287F-B5A0-4cb3-8D77-B2DEF40876B1}.exeC:\Windows\{94A2287F-B5A0-4cb3-8D77-B2DEF40876B1}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6C33332C-36DE-4e23-8B20-F5569518FE02}.exeC:\Windows\{6C33332C-36DE-4e23-8B20-F5569518FE02}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CE8B3C5C-6AEC-4a05-B448-21D45AD171F0}.exeC:\Windows\{CE8B3C5C-6AEC-4a05-B448-21D45AD171F0}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{525E4A82-DC86-4c4a-8F00-F99791820440}.exeC:\Windows\{525E4A82-DC86-4c4a-8F00-F99791820440}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{9B15B89B-748F-4bfa-97A0-220B326DD01F}.exeC:\Windows\{9B15B89B-748F-4bfa-97A0-220B326DD01F}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{409E57DE-3362-4722-B0D7-8AC9FBD91320}.exeC:\Windows\{409E57DE-3362-4722-B0D7-8AC9FBD91320}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{22733B27-4FDD-4f97-B060-FDB7D27811E5}.exeC:\Windows\{22733B27-4FDD-4f97-B060-FDB7D27811E5}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3305248C-2B82-4839-AA3D-9B68836D751F}.exeC:\Windows\{3305248C-2B82-4839-AA3D-9B68836D751F}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{0C545106-F38C-4d32-96B1-2235E4953089}.exeC:\Windows\{0C545106-F38C-4d32-96B1-2235E4953089}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{33052~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{22733~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{409E5~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{9B15B~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{525E4~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CE8B3~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6C333~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{94A22~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{47022~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B2F07~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D4AF0~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
180KB
MD539a9888ea7d625351497b110200d40e8
SHA10e2f3d444068688fe524cb5c69844c6c53f77111
SHA256f93e5de1c85a56411f6209bbd91bfb8d9183574f29d7d3e559f73334b24d40f2
SHA512def6c49abb95e7992878fc12f3e8f27cc9c5d0f9088d6ff0c1a712abfd2e0f36428ee7588510870ff987e5fc6d2274dc322cd6c1eae51b1f35a1087eaee5fcb8
-
Filesize
180KB
MD5533ec6109a92dd2d9d91b38ea66227ea
SHA162209b8b1c91ab314587e9403a6dc0c479e92b1a
SHA2567c6ff16c422d84c9b96b230dfee10ad096f69ed4ebcaba19abffc2816e3f12b0
SHA512b9a7f71d56fa91ec602876091bef58b965f22fb6b95b33652a24ec8492cf01557a835de3e46688333eec87b8233871243526d372083a8cf6c824f3c0c2d3304e
-
Filesize
180KB
MD5ac7041106f3e65c4dac328b123946e50
SHA19111cc017ce177aab4381771cdfbc84cef73a3c3
SHA256c6999e3c429ddc27b5dc4eb6df4acc37c461d840291469968c4ebb73501ec5ec
SHA512f17bf7a3ff9af22c6c095b58ecf27bfb42fbe2afb2b1bf4d0a266a01c7a7acedf7270776fbbbd2e07c21aa0cb2c8a969a1b78080f9074797c6d0868b03cf2486
-
Filesize
180KB
MD577ca970601bbaa9a23b6f49411cae72e
SHA1ac2c7003e0fd8ec0f3de252dd3e30bdc9c766aba
SHA256efc7b7651b38827bd8d25c39b874566ed54a60e0668bd5f1f93a2e3d55c0883e
SHA51259221c24ad1af6cd155e1abb51d7ddf943606b55d2843507cafeb4d1ae1cf8e91f9d5c955877d05f3c484f94783cc4f7a82fc25e3b775ac4d696d46e4b7f08dc
-
Filesize
180KB
MD5352400cf5b738b7c46c4f9851e29a703
SHA1379712375f6c3f7466c5d16b4f5d89d20af4ec44
SHA25680342f731754278549fc7e3df27d10217d0a7fed380f7f437f88544f7300cefb
SHA51202a90f07568afb3b6cbfbd1366f04c65983765c9515ec2c431577a11005fe9210a265433bb303efab30af95b8f31e54bedff37e9f5613449f176500b84bda751
-
Filesize
180KB
MD500d6ccb49e70a325959de7faffa4e58c
SHA151ef40ff84eeff7c5edfffddb9c4de211c060e72
SHA2568b280e16d40d32ca947fa5fed9e8a3a60dff4e0431f780840625ff03c30b6118
SHA512cbc9300b9b5622e5070f5ff689f5bc6f57b4bc81ba489e10d820760d46fdd20b2ce18cf8ceb547957853e77efca5eb81a0268783ba43a68955d6b7cf028ff340
-
Filesize
180KB
MD59ee774934793940ba560f56dad0a0073
SHA11c72d67e6a1462a4e638a538159f06dcb3b1cc2f
SHA2563adc267eb7eed91b15c39897367462f339152789d5aa76db53abc9359d07ed4e
SHA51262098afd8c564a0aca13bb26bcd2155f4ced133f19318cdd9aae9af77385bd944196bbaecefe0c61ad202eeb07464093cd6033243b67637498e69b4f24fab3ea
-
Filesize
180KB
MD5ac69ba365bd7c3308cb049fac93562b0
SHA153d6e416f87aa08f9879f8538ac2d012a50af139
SHA2561372f1552ee95cc4c35947e3233f33bf8a5128babf5da2c1f63dc1f68a0f7fda
SHA5122f7c7c1bf3eb9c60c09319f81aa0d888f529266841f24169c9dba60ad1b3fba03af0af2f1bf0c52c18ebf8bed1733c23a3701246b833f4ea2041888806e575b0
-
Filesize
180KB
MD551f51449cc769d19208f15fb8bcaf34b
SHA1d7c39a77c25c90c01cf3de0ec383fbc3ba5b5ce5
SHA256e64f6290e726a2db87dcec2900aef3f059111a39fbb95015009e1d6a4030ddb7
SHA5122d2b72c1ee9c70ddc9f6101c194547e1eb2cd7247680573c906ae45143fcb930fa81515f01d2b1ccdeb2182bdd522db0f48da847f9505f349b78068fb1e8e8a5
-
Filesize
180KB
MD50a60aad11dcebb8bfa23633702a7d79a
SHA1b360644da327803302daca4ebca48a324c895f3b
SHA256ef342ab0e5fc33e47aeac3f00a8da0361931d335dea42e285db9eb6b0fc678e1
SHA512a34b09862e9aee15afaefff013283000070ce0acb105099d5d7488fee0e8777572698b3054d959828b0ef9589e193c12848601a8ec982dbcd2093664bacddbbb
-
Filesize
180KB
MD564ac67fe88ab4a59eacfeb51b96e3a3f
SHA163025829d17117a39af6d8a26b501a40fcbae654
SHA256e3eb660d740b5c93b5de0a53fa48fa5f02d2a80e8be98cd4b7db5f5dae6ab0c1
SHA512f706aa56bc5838710c87ecac48c8d8799d3db2eff5947555e8eea01e33bf7a31ffc47152afdafcd7e3886403a5fc99d4c2f9555b355722dbf3c95ac24332aa39
-
Filesize
180KB
MD5479908d6f9e12826ed4e4577705da4bc
SHA162db8706e355428c95b6166f9ef8e5b2e77c6715
SHA256818b7691ace8f1e3f6c83e54fd9d089ee82c90cf4ab1653643eec92d02e61278
SHA512f453efb7d5ff7a8d0fb00ed7d2020a68e9a795234707c03462bb22fd233ec4a5a40f737a840104f3d615d7ad24bc13f36b0f42be785d74a66243ab1205482376