Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
125s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
04/07/2024, 12:55
General
-
Target
2024-07-04_8f4861fd6e74758cd9280ef68e3677df_goldeneye.exe
-
Size
344KB
-
MD5
8f4861fd6e74758cd9280ef68e3677df
-
SHA1
df5cdbfdf3df5039dec29a638eb7776ad2fa9b16
-
SHA256
00e61ee838083d54dd41893eae425649433ca530efc8116455e75a7bf963694c
-
SHA512
1c2ff43d910c492dad65b9fa3cedfb4dce6d97c98f7278ef6523ef7298951b472505378ebf423f459337f5de3f300a2483ffb7c77088ae8570250a51c8cb2976
-
SSDEEP
3072:mEGh0oQlEOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEcGL:mEGalqOe2MUVg3v2IneKcAEcA
Malware Config
Signatures
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 24 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-07-04_8f4861fd6e74758cd9280ef68e3677df_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-07-04_8f4861fd6e74758cd9280ef68e3677df_goldeneye.exe"1⤵
- Boot or Logon Autostart Execution: Active Setup
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D24D22CA-EDF9-4b27-805D-757659FC7D77}.exeC:\Windows\{D24D22CA-EDF9-4b27-805D-757659FC7D77}.exe2⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{987F0774-42DC-4976-A9A0-6642191722FA}.exeC:\Windows\{987F0774-42DC-4976-A9A0-6642191722FA}.exe3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{48678284-4FE6-4223-8674-E47793E19FE8}.exeC:\Windows\{48678284-4FE6-4223-8674-E47793E19FE8}.exe4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C06A2E58-382F-4bcb-8699-FF2B18CC2DE3}.exeC:\Windows\{C06A2E58-382F-4bcb-8699-FF2B18CC2DE3}.exe5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E377FAAB-4541-41f2-B546-89622FC1C8EC}.exeC:\Windows\{E377FAAB-4541-41f2-B546-89622FC1C8EC}.exe6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C3685C7C-2343-417b-A6A5-34AAC721655C}.exeC:\Windows\{C3685C7C-2343-417b-A6A5-34AAC721655C}.exe7⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{33C1991A-8AA9-4d74-82B7-F25059960B95}.exeC:\Windows\{33C1991A-8AA9-4d74-82B7-F25059960B95}.exe8⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{77D7D6D8-022B-4fc2-BA32-A56BB6E3BA7A}.exeC:\Windows\{77D7D6D8-022B-4fc2-BA32-A56BB6E3BA7A}.exe9⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{09E6F200-6F65-41bb-B402-3057B7C874B5}.exeC:\Windows\{09E6F200-6F65-41bb-B402-3057B7C874B5}.exe10⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{7DC7DE19-9BD6-401e-8D14-287808085469}.exeC:\Windows\{7DC7DE19-9BD6-401e-8D14-287808085469}.exe11⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0A05C1BF-E4D0-4451-85F9-C95239B68EAF}.exeC:\Windows\{0A05C1BF-E4D0-4451-85F9-C95239B68EAF}.exe12⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{BA2BB259-54A4-4dcf-8878-1928C6D4C634}.exeC:\Windows\{BA2BB259-54A4-4dcf-8878-1928C6D4C634}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0A05C~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{7DC7D~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{09E6F~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{77D7D~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{33C19~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C3685~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E377F~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C06A2~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{48678~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{987F0~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D24D2~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344KB
MD50ba0909f3520b90a98594450e87c18ac
SHA174d54b7b0d014df13ded7203b227fd075e51cd88
SHA2562142086d708a41ed89846fcb7e2998fb65d79d3abf92172102ac722f87de5f5d
SHA5127560c946a132eae436534060f76785b2ead728a554933656033f7272aafdff4e1aa4a426cd208bc6369940c394eae81067be820338bdfe6e16fd519ef046e317
-
Filesize
344KB
MD56f2db41ed3a94b24c24b7d4c015ec75e
SHA1c1705cae188d4caf169e104bf41709c71655258b
SHA256d22ddd97ab890a5b8d781a2ff0d881b93aeba1bbb2186a3d2e5dd3b6ebfd56fc
SHA512777d480a84151f4455208d10be41836cd2010e6ea51d66235ddd5d2d0940906ed8f5986709407c4a95577c93a42c64bcc8c93740a7b08b764f6136fe6dfb0b30
-
Filesize
344KB
MD54f8148204c2c9043f004b0930812b637
SHA12faf93c1f1531175ea4ba1df3d916a51e4290868
SHA25689479d55b2269cd58bf7afa29966a9430cff1d71cf017a9082eb920d7f0b5a44
SHA5126a375d54bd6320593a8f4bc772a9bd47187003f2ea3d27bc53be81dadb239e148ab5cca08b8b8dcc087e0ddaf9bd9628cb5846830cb2e28f133795bc4bf3cc86
-
Filesize
344KB
MD53d965f86d13f48d5b5afc55373da3ac8
SHA189097f10960ab043b0c328657254ed339e48d93f
SHA256e9cb52c0eb37f1c351dcae04b85d414a979d6a273d5e4492733f9b5cbc610ab1
SHA512a0f7a7a1a5b4112ad5409ba73ccdeaa773c0eb4b042b247821296762d37ffc938a2b03a80db0845996db7b5ae7272efe45ff718daa59de6400f2d4f3c78f8872
-
Filesize
344KB
MD517357425e5e67a28775fe106c69e2010
SHA101c42d3ef070d7bc9a412700563902cc2107984e
SHA256d1a60755505e23b74ff489197b6d24e65f9081ef062d3643b7176a7f77af12b1
SHA512af959665dd8d87df322643676c71591de6641ecd4f4456d141fb96b8d3e47c4b5c1d652aab1fbe4803126ce37af174426446cabda612f1d4269f5b06053e2d34
-
Filesize
344KB
MD5a11115faf94c3a268f0640b801b3dc4a
SHA14f3a7a7646973d6d11ba97d9877fa45c2e915062
SHA2564007c4c6ac63800f369abd37b1bbeb3b042c1da199595da7f1fe1e173d2c7436
SHA512c614473323e6c6df62f722b7e719cfd607fb0f783cb0cbfd7b7cb39d9a978b01c929df6af4bd5c7ff8b8fb0c5d476236f69b32b498fab64d993c16b05f9c490b
-
Filesize
344KB
MD5fa2b8d8a66f1e6ae55d3f73c2235a811
SHA1d6d37b2a49c1d48c619f0e6bc2c561092b153c1e
SHA256e6e130d9f6ecbac07e4a283414b354be48665610517a549feeac6688897c570a
SHA5128d68d2d01480432256a537377f9cff8fecc0a594d5c5c53a1656566c5f5bc0576bf8365e536de2fdc3cbd61a4cf93795680a2590fcb3551468fc6e0cbb93a330
-
Filesize
344KB
MD50851db9fbe045f775fe58f69a281078f
SHA181cbd44a1910e8c11d4ee72ee87324f42a9900d4
SHA256d8592607108d2bafdf49e1e6b09cbe3020433d73f072d3c59095e430a5b85215
SHA5128f187f57a11ee61875c4eafb2f05d93997c280ce4c0c84ef2c6383e87dab3dd904b76b97281091fd3118644943ecc88a82cfe0a2208d1ba4a9a3c37cfe966dc1
-
Filesize
344KB
MD59a8205ef303c1efe31e1290432e24fc9
SHA15889ada37800ab2625227854e3030c2bd2fcd8c0
SHA256166d146d696a3af938d33c09af4a1b7d878f2a10d616294df9c114d7ee4fe861
SHA512dcf46c181e7f98012113b41ce982bbc0fc168fd700b64957eea5c9001da64045d88b8554d781aa115fc73c75a2acf775215879326bd36bfebb8569d7dd9b9777
-
Filesize
344KB
MD598e2dc2445722cd7b560cc41d6636d30
SHA15958de20eac6c46c9e5c29a618982b80f923494e
SHA25614bb2fae37a9ecf66f590f01e0a08b3c6efcc32fc5e6f25052588842ea1dbd63
SHA512b3f06251b94278398491b8be3fd53d0acc032b3f9972fbc25c9dc672acfc55d9a703800b097ef5eccdebc78094d7b9c3a60650a30f86d8a2c2eedc9977e196ec
-
Filesize
344KB
MD51010c912cf6ccd33f53d3f71a13d934f
SHA1246e9b3e55b7bf2a843f1dccb0993f70404e2eb0
SHA256256b38d6affff1062d32060d012c907e434db7a0f183ddb443c30c35c4801e07
SHA512395a93630588ec45adef100f699f0a86f54786a1aa2970c3eb3eea8d4f12bf01f5da15d8d1d22da4c44a26ea828527857985d38afbdd25de377c81198e2efb79
-
Filesize
344KB
MD5494943977ea0270ce5df650c9417d59a
SHA18de490d7430457547f23dde054d254e1272ab48d
SHA2562b8eeb57902e44de86aab7195d117c316636bd68bbd51e2126bfc598e09ab3f7
SHA512215981ddde1706d850de8289b1964333924c4b7424724b0068c2277d95bc3d4c360c726e9ef5ebf484b0265a673c6895a337769a2e77dc3f531f9c6624dc4b28