Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
01/07/2024, 11:23
General
-
Target
2024-07-01_c9af3b9034cede8ad3f7a25aaa0932a9_goldeneye.exe
-
Size
408KB
-
MD5
c9af3b9034cede8ad3f7a25aaa0932a9
-
SHA1
60e511859cf79847d4d3bd659ff092f1a6d6686a
-
SHA256
2a1df51a9805d1f7353ae8132c6aaf3c1b8ec56afc8898e76afaab8b593b753d
-
SHA512
a7aeb1d18605da928e0269b8501934cd24ed8651b381e72ba468a9ee508ede6c0d134d54424bf6a8af5f29d48a24d4d6faccce4853c7547ab0275c8344471ab9
-
SSDEEP
3072:CEGh0oel3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEGMldOe2MUVg3vTeKcAEciTBqr3jy
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 24 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-07-01_c9af3b9034cede8ad3f7a25aaa0932a9_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-07-01_c9af3b9034cede8ad3f7a25aaa0932a9_goldeneye.exe"1⤵
- Boot or Logon Autostart Execution: Active Setup
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1A9ED541-9205-460d-B4D4-EA3805DBC378}.exeC:\Windows\{1A9ED541-9205-460d-B4D4-EA3805DBC378}.exe2⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FF75667D-8973-463d-822A-9BDC8BD43253}.exeC:\Windows\{FF75667D-8973-463d-822A-9BDC8BD43253}.exe3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{833AEAB3-4244-411e-974B-3D5295A5F07C}.exeC:\Windows\{833AEAB3-4244-411e-974B-3D5295A5F07C}.exe4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{589755D5-06E1-45f9-87FC-71801C1AB248}.exeC:\Windows\{589755D5-06E1-45f9-87FC-71801C1AB248}.exe5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{970E8F2A-B255-4520-AA5A-0188D6527B98}.exeC:\Windows\{970E8F2A-B255-4520-AA5A-0188D6527B98}.exe6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{51DF04B6-0CB3-472e-AF08-F050053648C1}.exeC:\Windows\{51DF04B6-0CB3-472e-AF08-F050053648C1}.exe7⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{60E5D4F1-6D11-453b-B090-A647EB13BD93}.exeC:\Windows\{60E5D4F1-6D11-453b-B090-A647EB13BD93}.exe8⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3E30F3FA-C149-4e2d-86E6-D2E02709E651}.exeC:\Windows\{3E30F3FA-C149-4e2d-86E6-D2E02709E651}.exe9⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0F552032-07D0-4833-8961-1CC7EC9AD0BF}.exeC:\Windows\{0F552032-07D0-4833-8961-1CC7EC9AD0BF}.exe10⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{77D890D0-F17F-4ec2-95A9-3F0BE8D94A20}.exeC:\Windows\{77D890D0-F17F-4ec2-95A9-3F0BE8D94A20}.exe11⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{3D56B8CB-A7A7-4562-AD2B-53BE85D681DB}.exeC:\Windows\{3D56B8CB-A7A7-4562-AD2B-53BE85D681DB}.exe12⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{9BCC2DAC-DAE9-4f3f-82AA-82FDF227BF2B}.exeC:\Windows\{9BCC2DAC-DAE9-4f3f-82AA-82FDF227BF2B}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3D56B~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{77D89~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0F552~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{3E30F~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{60E5D~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{51DF0~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{970E8~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{58975~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{833AE~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FF756~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1A9ED~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
408KB
MD5639349d9484a6f1bc2f280b445790134
SHA1ffe4630dac278b3f0ca5794bd832ecac73236857
SHA256f2674754c04d9a3f410f0966678b92ade37a02bb1a436263e354eec3d1de0f83
SHA512b11e07fedf668c341a6357a36a39ac4418e14d7d77eb77fdc62a71ef680eea5df9289858aa78b3e7d629e496e88766d26663aa60f4cc189618807298f2fcab3b
-
Filesize
408KB
MD502c29da1310950ea83a266be4d8450e8
SHA1e72a04d5f7606a50aaa95843366ba41f49b9058d
SHA25602be060342c525eec4b65ace1ff3efac2723ae5467cd9f8eac729d00fea4b701
SHA51278791da0dcd661c757b4f342ee1669120739a4c7bef39daf32cff6b889f2691d708b4b79b2d6d4b0f56c7a386a4c8f66dd470b0c690f3a693fb5318cea84ec66
-
Filesize
408KB
MD54fadfdce7081e720102db624bb833da2
SHA181f7ca1c1141c04da4481ae1b3495f1b6587f78b
SHA2566538c0259f56deb51fd72342b237f53c10d0eb569ed6d962240182a76299ed1c
SHA512f88826694c591e58cc9256d8425b40792e1a140bbb5981858087b611a596e39740cda45655c54d1fc4ea25561fca099495a27d624ed12b4c1fa1b491018325aa
-
Filesize
408KB
MD52e2275a4eeb26d7f5b3c3d13d627460c
SHA13c7ff23a49a434ab9f287c508b530f8f0021cef6
SHA2562b802ada0fa3b9f3d4c72fdf264fb3d84b2e6e3afd769ae8b7dbfd44fefa95c8
SHA51261bb0f25c4c3aafc96ee1f34c5a77094b6d1cc2d9eb1646d1341944f7bdcd48a5c351db7ba0949f338968eac3c177cbcc53665eb5882b70faba386d432b7032b
-
Filesize
408KB
MD5d38f9e7c32b7228e593c72e87bd29589
SHA12a2bf4383c9b293d35472d866d3dce1c568b5db9
SHA256478367c0f79febcd074b06e047ebfec6a9809bea0a2b693f116a330ca9d0b692
SHA5124b946b478f4b13666c5b258096ef12c1d757380ef3b897d7d2314e60ff5b177e785ed73b3bf7f404fe9539fad60a564bd2963d57a6ca670686709021f9b8b904
-
Filesize
408KB
MD5bc8689371154fca807920cb58780959e
SHA13012b7c7278130d973383cc4654b43052f554b4b
SHA2568379ff6915bf9cae49a8ee57c62d9e7ae542769cd2471fd6d70406ab1b009c3d
SHA512383f7dd5cf3634095e9187c5563e1da87046986f370c4a6c281cb8813bcb4ee1fc991d0de2bbfd2792d83887fcc93e65be40211e454da92449d4817b3329d667
-
Filesize
408KB
MD5a16e4c2a080b5790d25010b079a3136f
SHA1229c4d736a7387cd2f0cce52a8dad01a03d68b3e
SHA2569b7d8029b3d66dff5d06315daeaf6614ceb2ba38e7bfcaf2a9f92dcd0e650ff2
SHA5122b3dc823d315af575634675ba0f4b8e08fa74c64758f982c1fa8a7db43997b25a018f53ea70d2ce39c6b95fa8b2e8b9a3da3120a233a2b8fb56d8e5e7037e853
-
Filesize
408KB
MD5506d7e617ae94032df404c37d0875540
SHA1fa5240e843a0542f16219e568a197100c5eb8122
SHA25608dc12d0b736bf65973654b52bda10b36c043fc8d4df41db014e17e7a1e633a7
SHA512a20d256399adf552b676d2cdb7eeef8d90a32ada1e04c3978e91bb461ff7c15c534ffd60aa8a76aead19c0eb7a57038850272dd5ac12072de8035764e6e70ab4
-
Filesize
408KB
MD54a613cbc0c83b811e903b24dfc041c56
SHA19e561cd7df9715755613270f00d68a7c917de230
SHA2569007f8272d231485c07c202de93eab23888df29007cb8137721039e808ad4297
SHA51202f5417bea5c6a633c42565124a1d6211e2b243fac84329c4c7c77021b8436e05427d3c5bde9b2e536100a12d61a7dac8431c2326ebbc61d522545220b256b1a
-
Filesize
408KB
MD5ef5db612c33f85fbdc3d7ea6f1613a6b
SHA179ba8f9d8e1f1b9d1d471ec420ce04db3061d7ad
SHA2562c5af0d882bdc571f364406502b8340119f83024273c2fc6701409c352c96734
SHA512b1f3534cdbd7d28edb2adc952b87a22d752011b810f3bd209f0c4af18e3c3603029ee1547f5139953ea3db0692b3afae133688fe135f08e3a1eafdbc69448d70
-
Filesize
408KB
MD5cc80d2146f9d5cd09d4c8805951f53cb
SHA1e2d30bdae1cf6c65bbd91b5109d468505f587a90
SHA256c8b9a70ae679f8968ee8637a9cb39ac86e219af2ea2081a80a58a8ceae601e15
SHA512ad09d85ca5bffb8dda530490707ca87af813633acf095a8cd1d276a3707bf49aa121c64c9c2ce997a304cdccd2ef27232a07b88bdedf34d38726a90e8f946d6a
-
Filesize
408KB
MD5cff3885a04e83fb83fbbaa8ce52043ca
SHA1abb617e0299cb13a503523e2a36dc93ad49317e6
SHA25604f1f9c296f897cbf0cb9ccc7f9b4f94a5da368fc82a05baa6aae6093b0c8836
SHA5120a3990571ecc3c57d07b8510c4b068f14ed944723f56487bde30a8f99a07464c1bdea046482abdee899a358dbb26318db5b14944a387b1751e7954348b71a6cd