Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
20/06/2024, 06:26
General
-
Target
2024-06-20_4a3b522526cdc234bfb76c6987137247_goldeneye.exe
-
Size
204KB
-
MD5
4a3b522526cdc234bfb76c6987137247
-
SHA1
2eaa67efa2e16eefdb093a597ef44844b0f56109
-
SHA256
8598d672aa51aef99b6d01afaf3d21a7f2327898d8928d678aa844f0d7a030f5
-
SHA512
2fa4f9804e244fce535253c45987eb0f02dd427017673e62de3206741774e74a85106ab4dfbaa9396ff8177028720b5c36c6e085b3937e1c2cc18de1d23c54f2
-
SSDEEP
1536:1EGh0o5l15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0o5l1OPOe2MUVg3Ve+rXfMUy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 24 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-20_4a3b522526cdc234bfb76c6987137247_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-20_4a3b522526cdc234bfb76c6987137247_goldeneye.exe"1⤵
- Boot or Logon Autostart Execution: Active Setup
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B198319E-F3BC-47c0-92FE-A8ED2A6C6D03}.exeC:\Windows\{B198319E-F3BC-47c0-92FE-A8ED2A6C6D03}.exe2⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{29F08E99-B664-4396-A662-B579CFCDEB67}.exeC:\Windows\{29F08E99-B664-4396-A662-B579CFCDEB67}.exe3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4B458657-CC8E-4540-8BB3-AB7512235251}.exeC:\Windows\{4B458657-CC8E-4540-8BB3-AB7512235251}.exe4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A046953E-0A75-4e6c-A2F8-C3DA0243C894}.exeC:\Windows\{A046953E-0A75-4e6c-A2F8-C3DA0243C894}.exe5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{54AF9467-35CE-4923-81E9-8EE8C37BBC49}.exeC:\Windows\{54AF9467-35CE-4923-81E9-8EE8C37BBC49}.exe6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{93A6732D-ADA1-49d4-9E6D-0D5F83ABF0E4}.exeC:\Windows\{93A6732D-ADA1-49d4-9E6D-0D5F83ABF0E4}.exe7⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{59E998F1-3B29-4461-9165-4B12CD49FCE9}.exeC:\Windows\{59E998F1-3B29-4461-9165-4B12CD49FCE9}.exe8⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{068F58FA-94F6-4314-91C9-4D4983243806}.exeC:\Windows\{068F58FA-94F6-4314-91C9-4D4983243806}.exe9⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{CC6B1B26-6CCA-4750-9E74-DE4F8D13D15B}.exeC:\Windows\{CC6B1B26-6CCA-4750-9E74-DE4F8D13D15B}.exe10⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4920F098-CC45-4997-AF36-6A40F2411AF6}.exeC:\Windows\{4920F098-CC45-4997-AF36-6A40F2411AF6}.exe11⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C921ED89-59B5-4314-9BC1-683DCD233886}.exeC:\Windows\{C921ED89-59B5-4314-9BC1-683DCD233886}.exe12⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{50E53D45-79F5-4aab-8612-7DA4063F7838}.exeC:\Windows\{50E53D45-79F5-4aab-8612-7DA4063F7838}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C921E~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4920F~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{CC6B1~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{068F5~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{59E99~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{93A67~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{54AF9~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A0469~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4B458~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{29F08~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B1983~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
204KB
MD51a0482493742fc0bdd4a3eef886d6b70
SHA1151d177421ee07bc4e28b9ea0a1755c75b9d6d35
SHA256dec4ab538d48adaa81a1f137f7ba845d167063abb6d57be7cdfd0e7fc9e8801a
SHA51205d0171a5f3aa7fc7d5b546443f9a2429481fcd90a430441ec8ad05bc249d421f7f96ec537aeceb4d30791ff3966c8ee654231adbf61eb703b5a80c37ac21d25
-
Filesize
204KB
MD565c6baba7b0cefb73c24d9451621b54b
SHA1126bb5c4d9ec91c6ea6790d6950ce67f5d1278d7
SHA256d06fe7aa40e48e5e7285696d1cc08af3ce6d1dd95b9fd909a8f62ecac7f92d95
SHA512fc7b6df9d93a9b8b88d80c59fd713e12e0f104409321c0b7c85b734a6a7aa9394386d91a53c7582b66cd615afbdec797397d27b55bc5b12fde0046b075796453
-
Filesize
204KB
MD55f5ba33f1d4cd85c4eec8d483259704f
SHA15372d7e658ef87b309c9b4c2286d1b8b7dcdfcb3
SHA25695cd7fe1e3ddff2df95f05ba7a604048a4eb9becb42bc4f25f52ac162966074c
SHA51229b3426cb545875cdacee794430d45349e32aa5eb49fe834be4a34af536d2a68fc7193116b9999e08b91f1087f1c820a91b51c87b82820f2accee654784cd6af
-
Filesize
204KB
MD5c5fb658be6f3fae9dd6ebd928b9861b9
SHA189f67590e79dd43718f23abce09af5b718b7908d
SHA2560556ea94be4920df084ffd338a5a9254a8ebcd9f9c1172ac8104dca467db5829
SHA5129e9bfa2d70338770a3730d10bec5341168846b123e16d77bbbd3877dd5bf877578d2118f267b1d16cd6d7a9654087d535fbd0cbee8dc559db358f54c95d8ce5e
-
Filesize
204KB
MD57584a6c5cb7414a7d7a003d9835ca412
SHA1ccba0d3c4e60795fd5d0806da857ce55a7ae5a4f
SHA2568587eb6882dbab83b8ff85905c85e0ea07b3098d9d8e764c17de4c1bb0f103e4
SHA512e0e7c7d4c91a175d2f271f8d7e9097c0f6975ad009b02196012c25a4cc13b2d36ea1c28d0fd63caf7af12a2194fdbe63390aae2fbd25bbbf5728fcabf8854908
-
Filesize
204KB
MD5642ed3218b33a6f418066c3f7950eaf4
SHA10e8f5db597650610ec9a9a58b454e83bf8d4dc40
SHA256cccb6c24421acf11b65a7122bd90f820658689fa7028d5b2c529a9702450cabc
SHA51291494808c0ff8dd63f20db48f6df6ce863894d4e4fb1f39c658e9cd3515b4c1ddb405bb11ebf564e3b6fe801b950682f3205e69755575201916adaefa19344ba
-
Filesize
204KB
MD5f008015bfe20a65e4152073e2e262cff
SHA1a6225065b7a6c4d6ad4301430d0738cf1bfdfdd9
SHA2561c888af3a1a96063d2a865cfc549dac1607129253e96300e699a09613397ccbb
SHA5123e10140b8e89c5519382deaad9f6488af61074ff868d01db3f91d98d4a904dcbfb118fbc907b684bf8474abc890601842bd9087bc0aca5670f38756fbd27b5c4
-
Filesize
204KB
MD5d8daefdbc78c2ba81183151f3d544488
SHA1eccc3d09461edc68ac369f6f9a08b8e7fc91c814
SHA256923abeadc7ab19faea9b0edd14b8baa63d048b4399e33de9731f28b88d5cc351
SHA51292f2eaf8e164b018d2cdbd2b7da29b2cf4d5b56f97e4e64257bc2ad08020f55a4bf6d2e3c17e19f2cc39733c199921488726a6e9ec4486e335b2ef9e060388bd
-
Filesize
204KB
MD543f1169b92012d5808ae886fc87d5760
SHA18ae385e85ba53c60fe9c03457f3dcdf18af5e41c
SHA25651e3970469359d48cac32f459b50a02edda87b517dd3a43af478321d6311adcb
SHA5129a676669529b1ce7df18bab2507b6f2cff1ceb01c18c701b92f2530ea9ba560ae60b3723123047e80663ada2f419418c980e320eb5f391c767dff3e30ef9c4a2
-
Filesize
204KB
MD5e8b1f10db84ceb020298e02464bf3ef1
SHA1aad1d23be41fea87dec9492cf1de1063183318c9
SHA2562e906f5bf0f3b66e7217a8512ddda517a508797eb3a3a208a5bd732cf0f71de7
SHA512fb64bcad79d9c4d6f2bde59b2d4a75dcf07c784cc67dae4c1afa1ba8c881a1aa584db2d3b695604772fb29d20e6779ba96bb0c32951dc6302a889cda41f432c3
-
Filesize
204KB
MD5d8872d2d3c05f712a328359b32016935
SHA1e775447c8a3a0c013398d830cd1c83f5c8b0b140
SHA256d82e871c044ba83ebb76dd0d4d3c30458c998f64d71d957f90383355f8eb1a73
SHA512b890b8b437c9cbd5bbb14a0d0a89eefa8f4a2c91254850a0150a80f807e6758769ea73bcaeeb7ad2be99bc32c692ab489f36fc978e89989255b283e9b9c97cf9
-
Filesize
204KB
MD5a7eea97dc7459d413a0c87d10bae6051
SHA1d89298b0b967adab3eb13805c80fd88abc069cc0
SHA256fefb30438331da17932cf4ec332ba31bd711e3d8385e5a22c1f8ea0abfe5ac3e
SHA512774c637f776ca71461a26105990b41a72b0a94a884de57ba3c5c1b822900406fe82d04119156e305168d76a93e91b3da9ce3eaebd567f1b3d7c3cc57e915d974