Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
14/06/2024, 10:33
General
-
Target
2024-06-14_35d1fe284d252d28f54228f89533265d_goldeneye.exe
-
Size
408KB
-
MD5
35d1fe284d252d28f54228f89533265d
-
SHA1
2608bf047c19ff47248b21f140b8c8e7e123fa24
-
SHA256
bb6047a97ea1c5b1a2e13b80f098cf662edc63d3d9a9a86d2f9011d88728a04f
-
SHA512
3321ae750f86adb2a9bb87177e89336e60f756dfeadbe430fd291b7126e7b581cf1c1bb205809e5a0f0eee6faebc30718561d41046a06bc613197fbdf4eaa088
-
SSDEEP
3072:CEGh0odl3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGTldOe2MUVg3vTeKcAEciTBqr3jy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-14_35d1fe284d252d28f54228f89533265d_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-14_35d1fe284d252d28f54228f89533265d_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F70B10A3-8D0F-4be1-ADD0-E4678609035C}.exeC:\Windows\{F70B10A3-8D0F-4be1-ADD0-E4678609035C}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{79EECC0A-0C17-42f1-9177-1A6DBBA907C4}.exeC:\Windows\{79EECC0A-0C17-42f1-9177-1A6DBBA907C4}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7FFEC2E9-1E67-4fb5-88B3-524FD8424174}.exeC:\Windows\{7FFEC2E9-1E67-4fb5-88B3-524FD8424174}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A7A14507-711A-4f51-BC6B-49916CD9687D}.exeC:\Windows\{A7A14507-711A-4f51-BC6B-49916CD9687D}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B69A547C-7225-40f5-AE91-6B6B9A1EA57F}.exeC:\Windows\{B69A547C-7225-40f5-AE91-6B6B9A1EA57F}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AFF8401D-E594-458e-B775-04F7C7FCB9C7}.exeC:\Windows\{AFF8401D-E594-458e-B775-04F7C7FCB9C7}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{669894E6-B658-407f-A433-88A9F13F2018}.exeC:\Windows\{669894E6-B658-407f-A433-88A9F13F2018}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3615B4F2-AA14-4c4a-A96B-F7E139662CD8}.exeC:\Windows\{3615B4F2-AA14-4c4a-A96B-F7E139662CD8}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DD0B28EB-2DB6-406b-A7BA-A20D77643EDD}.exeC:\Windows\{DD0B28EB-2DB6-406b-A7BA-A20D77643EDD}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C1CB2C98-ED07-4b73-9D76-8506E737AF35}.exeC:\Windows\{C1CB2C98-ED07-4b73-9D76-8506E737AF35}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BF928309-3A9B-440b-8C63-5A65AB218F9E}.exeC:\Windows\{BF928309-3A9B-440b-8C63-5A65AB218F9E}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{DD0DCD73-D3E2-4328-974D-6FB1180538A4}.exeC:\Windows\{DD0DCD73-D3E2-4328-974D-6FB1180538A4}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BF928~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C1CB2~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DD0B2~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3615B~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{66989~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AFF84~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B69A5~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A7A14~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7FFEC~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{79EEC~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F70B1~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD5d71a0d19087422d9f52298b82a256cc4
SHA1f8378ce40c841c22614c2058dee6d6037be6553a
SHA256cd2fc6f08f02c8a1f339e5f53df67f2f87aba6f14b627dba83c8e226e7a8a633
SHA5128a4624181c24fd1fde65c9f730ecc1036a4aef8cf5f33561b0a2fb05319fc2339dbdede72b6552f83181ee45b509d0df55cccff0cbfc8e45dd606ee5d0fce514
-
Filesize
408KB
MD5fd5d3ce5dc4e06801959fd9370f49769
SHA1aa0d62f52a3b49910eafc08fbf3a0715fbf7d9aa
SHA2567b71b3754ee126efdba480989c7708a55c9897b03796ea1be893fe20bcfd63b5
SHA512f634da654d5046dc1a86963e8df89408b3fa92c6f4693010dfecc0a070277a43613ee371d9fc63e0cdae254962305683073ce718f97e90f872d78e11efb5bcab
-
Filesize
408KB
MD5281edbf8ad3df439f317fc275231fd91
SHA1e1dffa2415f4fd024d5fde3de714c9b3f294bbb3
SHA256ef2d7f84126648f48dd7781c577665e9dc875dc6e6626efc49b0afe8c42175a2
SHA51291c69f9fa50ac0f12e7e5e9c71c7a852da767ed9a45abd42c3c2fae159036e4c3d09144f3e28c35e05bacc6156ed692aef7495b363b64316b331749d52006b2f
-
Filesize
408KB
MD5c26316a5441511d4ffda9bd0eb9c0cd7
SHA16a88dffdcf5c051b42191bb1d842979a23d92215
SHA256fc68ef0516525e45e470156ef429870f160a31f37bcf472907c0ff9011f40229
SHA51255d6916d4765e12c0180af2cf70ab48e01cccd682dfa7fa8790e77d3cdf307a1b83794adc84621a336938ad00b21fd5989801990b3af19784d244b73bc60a6ae
-
Filesize
408KB
MD5818e8b53bbf782e41e630452cb3f16ee
SHA1ec311d004543a09ed3b1405634b01994a4ec47ba
SHA25668d594cc11ef18ef9c58523be5d36406e0a1c4d5315972d3cc1f79e3daa4fa0e
SHA512ff12f42a23c0afbda43cd4dd5a0ac6c70374b80b1294c185c24f47babc64c4ea3da33a63b4a981f845fa50123884a02d48809a5679fe652cb1c7a05fed9d2af9
-
Filesize
408KB
MD57da1cc622d1166c44b664239c280e334
SHA1014eb72b736bbe7d5d24fdf9a97048e9ece28800
SHA25649ee2820e671b452dfc8b5e7392a891b37cfe624066c08a92b94b5314beaa52e
SHA51281a47900b35994e5743b6f11c99ceb97b5fa6c22091d39a688ec7eebc3503efe36606c83bab74efe8a7d0405b641f245e7dcbfe82615e82eabbe6b3e742396f3
-
Filesize
408KB
MD53d6bd80a9bba3abab29c88427d71017f
SHA129c84e006f9b14dd732a13151888419a65367ea6
SHA2567f13e277698ce4bacea6216d7a7811263b32e775acbe6158e60907ab6f5c8d4c
SHA512236214722f9821a174e9324a2ccca9e0cf15413ddc44d936645cbb9cbec9d7eb1bb9a1cae8102b9934707380d6a9407a5aa154d1ac4a945b97bec64f449f4487
-
Filesize
408KB
MD55ea6fa320aaafa2ad1954f2d63a73bf8
SHA19394a11f811b7192c9ed819e0ac026e7a7f99a8d
SHA256cc4e913e5e67a81ea1f6292ffab6706433100329ac1d07f5826392e60c6a7e1b
SHA51254903764406fc19c32799f905d9f0ea7dad79892dfd9da4230583f6c99a2a8ed0e359d15aba65af98cb298817fa00ef84a1f2cac9e0c37b418a913c3a0a5ec62
-
Filesize
408KB
MD505f9c29b0cdece06e11292580cb24ed3
SHA1ae5d7daf8cae2462dffcc63967ecb93de5805f9f
SHA256a39f272bb7beabf8f1254cb80f5d03ab053b9662bc8d7c8ac1d2c7dfc480e3d3
SHA512150c08af6f9d5d8b6458bad6ded3ea9e5bdc2e5b0d48393aabbbbcc4100335d3aa536e773a5e637c58169a4bcc1a2529087ea931a94d56c59418cba448512884
-
Filesize
408KB
MD524d000e29552712165509b04299e6bb5
SHA1e1e9b9e1ae94efa2778ac1f8abcee1ced65f9645
SHA2561469e6cf642e2c6b69be46a7d9e465b5ff04b6f4e0e59ed313cda5dfb9ac67eb
SHA5120dc32927b0e485c09a41fcda73f9c2b3857f1734c2422ab5e6c5e5184303ee2ca440221af39e123e312555a8c3edb649aa5b64e1b9f2a568f8348c16ceebfc92
-
Filesize
408KB
MD5fcff7f28401f0b71b9f11db1d1c2c930
SHA18e86fc81213edb9a692e46a0ec417c7b88f69284
SHA2560b25f0ad72420d5088a7649837505c1cfb473584c56fc8c712c7fae1ae4426d7
SHA512108718f7c3321ba50cc5f41aa24ebc5f627938a36fedb24ac9d14c17b7c616e8efb963ad079575da768b4fc5cb61a6eb6181f53692038fda5a0d61b30c1b5c9b
-
Filesize
408KB
MD518548feb35ef6aa6b8c8467cfcebdaf8
SHA1141077d9fcb6a00d4c87f8fb4e0044c768e98d4e
SHA256a89936a498422685542b5650bb5e9a6c89bd3a618e3af4fbb4e7424963af63a8
SHA5120e6541dde26e261177cf4025932214764bd17db2c53d403bf2ce58a357ba2b72830e8715be6dd48f13b4e18f2d044e89abe352f902494fffa1fa76b99e5a048d