Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
05/07/2024, 11:56
General
-
Target
2024-07-05_f629a8a7e8a4ef5329ad1c3b798fcdd4_goldeneye.exe
-
Size
197KB
-
MD5
f629a8a7e8a4ef5329ad1c3b798fcdd4
-
SHA1
0da522f7c7e2dbdca6ea39cabcaadfab51ff85e4
-
SHA256
c48c0159af432af892cebaf6b043e9fcf5abef2924e2c11606f21ebca4b439d8
-
SHA512
a9ed68579b02df9fecfd803902dce50804847abb4b0a427a66300430c79b8b726eeec66bbf475dad2c6a32363a06114285acc9ed4d79adef789ecc8f30ca030a
-
SSDEEP
3072:jEGh0o6l+Oso7ie+rcC4F0fJGRIS8Rfd7eQEcGcrcMQ:jEGAlEeKcAEca
Malware Config
Signatures
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 24 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-07-05_f629a8a7e8a4ef5329ad1c3b798fcdd4_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-07-05_f629a8a7e8a4ef5329ad1c3b798fcdd4_goldeneye.exe"1⤵
- Boot or Logon Autostart Execution: Active Setup
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E9A9D0F4-C254-41ac-9069-5ABD284F1DCD}.exeC:\Windows\{E9A9D0F4-C254-41ac-9069-5ABD284F1DCD}.exe2⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{40B77A09-FDAF-45ce-A75B-E8E95E1D2B0D}.exeC:\Windows\{40B77A09-FDAF-45ce-A75B-E8E95E1D2B0D}.exe3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{76046877-DA23-4b8c-BDA3-9ACAC3876546}.exeC:\Windows\{76046877-DA23-4b8c-BDA3-9ACAC3876546}.exe4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{2ADF1354-0587-4a2f-B6A5-6AD868F84806}.exeC:\Windows\{2ADF1354-0587-4a2f-B6A5-6AD868F84806}.exe5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FC75C890-F888-4031-9097-DC7BC916B433}.exeC:\Windows\{FC75C890-F888-4031-9097-DC7BC916B433}.exe6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AD1260A1-74DC-4ff9-832D-6F84BB2178D6}.exeC:\Windows\{AD1260A1-74DC-4ff9-832D-6F84BB2178D6}.exe7⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{57CF434B-0544-4d85-83AF-0E64CC40806A}.exeC:\Windows\{57CF434B-0544-4d85-83AF-0E64CC40806A}.exe8⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{00C6382F-680F-4457-AD93-B97708319DED}.exeC:\Windows\{00C6382F-680F-4457-AD93-B97708319DED}.exe9⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4940D852-8CDB-4e03-A62B-4D2873891613}.exeC:\Windows\{4940D852-8CDB-4e03-A62B-4D2873891613}.exe10⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{710D5E2F-424E-4bfa-A4B9-44FC92696C0E}.exeC:\Windows\{710D5E2F-424E-4bfa-A4B9-44FC92696C0E}.exe11⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{C875DC02-11EB-4387-A8B7-6F61C7871DCB}.exeC:\Windows\{C875DC02-11EB-4387-A8B7-6F61C7871DCB}.exe12⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{54289DD9-D3A4-4949-A8AA-5F14A3AA27A1}.exeC:\Windows\{54289DD9-D3A4-4949-A8AA-5F14A3AA27A1}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{C875D~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{710D5~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4940D~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{00C63~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{57CF4~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AD126~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FC75C~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{2ADF1~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{76046~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{40B77~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E9A9D~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
197KB
MD549f43e77da1864c5c9665619b473ce4a
SHA12c2e1e14ec5d82e1436116ce7cf7a99771d53769
SHA2560e9cd3ff983636e6bc10bcb802f9dcb3ab0c0bf5075190a4db6e9f784d8e449e
SHA5123a2c41bf10f101603c86f9c32145e07672933b70e7ac9ddc4e21aa73e9570f137e54c8e1799f88fc7e930d6b4d3b477ae97ecaa48b8b3985661be30da5dd5af8
-
Filesize
197KB
MD52a1145bd66bc592cbb234376198f72d9
SHA1a3b8eedc10ae7f63c0122f937d505a378ae53bd0
SHA25671827318e0d51308bc1ba86623001bc9c9b3615fc557404a7f3ea7c220393622
SHA5127f5c7a0f7d9dbd48e9653123a0d1af209ed6752e768fffce0179d663d97c91027660c33a070caadf3dd42e6b762b4405991f22737e8593c16e2c040b5484d5a8
-
Filesize
197KB
MD59ae03fb0c9e3be4fa64ea9cc50d5e984
SHA11c62954e1da6b85e2ef17522e0309f24c25aa755
SHA256554fb7766f19225d0ef44a83f62372c21c88d6c8f85de87646006f26b5173314
SHA512bab7dbc19f66255936398e4ab4b8dd1dd4abc0ffbf1fbc247202b9bc56efabf2c5565f96fdc782366a8256846a82706c7af82fe9833497fba4d2151d0004750c
-
Filesize
197KB
MD5f5ca4b66567d127767fe597e35f8d2d9
SHA16013831b7c87f1150f50046d5069f416db78a583
SHA2567b1b5fadfe6ce09c062fdec5f8e6e0c22191abb189b5f8606bdd4e8c6720f616
SHA512439d4e1a9ceadbbf32140303a75aca9fdfee6100671b4eab2016d016b56e524f180f660ce7ae7134ef7709a3a5b1eb6274790ac188fd54142232beece4da7475
-
Filesize
197KB
MD5abd48e4775de5d75ebc4d8d0ac50ebfb
SHA1a8a565587dd596b05911617d4ebb6bfaf0d5b86c
SHA25627a485156f3a4e05adbf72a634d357b067baebaa27f2ab3df1367a8965354383
SHA5129398e82bceea785b9acccbaf9450d4f31c67a2712eafe7be4f159bd5ed7c4cc5d8aa3799d7122e8bf57b87969030f64d215ff931955d6d7aab723a5ba0c40fa7
-
Filesize
197KB
MD5f16df74f220a159f01c1b0e727fa7979
SHA1008c57ed7cde4bf80cb75adb8e3cc7073635d820
SHA256ebeb8fccf9f6bab8182c27763b34ce478f350d13306da11c05845bb25416efb7
SHA5121242737e34adad9dfa12a9e2f8d8d16a2c3cec0c4f871c6258f7caceba6fdf6e2ef75b5d6f0e9849483aa38d7bbd02261a4e331cafcec4a70819ef7291715691
-
Filesize
197KB
MD5c0e7ca8dbea511661fa7e0e291b30ae4
SHA195b63e0f7779d65e8a76b34b06fd17f301fe0977
SHA256b647d688bcc554bb5989f78c24e633bb404a1f1244223d0e5a8ee888e0f6c315
SHA512e2ac599e8bc38e003515b5b48d2c9021487f0bbbb9c427f9a802c0fb9918c96fd399014d040b05cef96911a3b5c6b1d4c23eba646ce998a3f1be4c3815e5b457
-
Filesize
197KB
MD5330cb777352d88c94687d10715500732
SHA118ad6bc019ea4f9765aaae92d407af734aed3d03
SHA2569ee7fcfc2b642825e8012cf28d697b0f4f102e432bf4088fdfb87aae9ee1472c
SHA512fdc9503375e0e21378d88fd2356b25b7ddbb8d34cef6949e93fa33a0fbb049570816dea4ce6e90651aa39a636e6540b4870bc276f2683889c0bf04cefb159df5
-
Filesize
197KB
MD5ac5acac109d51b61903fb532ca51f5a5
SHA1f9fba7afd30a28319b07e5eb88bd18e445470caf
SHA25687348360f92ede381a7f1e2c52c95d632066db801fb93596a45063d0d80956bb
SHA5126d044b2636e251a5e65af98cbaf38a4a42da1a589b07a9e395cb5a5ac9ec8232898429ac0b20eec94c5ff7ea5be0ae6a6d332a4630327c522f0735d4994bc4c9
-
Filesize
197KB
MD59f86a946bceb78d5a2348c28e77afdb3
SHA15c8df99c1a10911aecce1d42a55c5f9656f783b5
SHA256a213fad896c9903b13985671c55e58969d3d8dfbeea4f6172d3960ceed69ab36
SHA5124876909adf2011f7e6f462157eca1f5850e16718898d69496536032222057cd2cae1d10d3b8b2b8098bb2dab755c8f239dfd8ad91562bbc3670af3ec733d3a6f
-
Filesize
197KB
MD5d3d0bad481bd0dc8fd87cc9f81921c94
SHA1e0553a4725ff4a5a3a66c2dc90fbfe9e71c2e01e
SHA256ad6f5830103e1858a2070595d7ddde1fe3bb08b1c90a14c284440d5e810bea6b
SHA512212fa96387f5d2f2753441b8c8fd1ab61af2cdb7e5e1cd7c65c05a05b9f424b12c63c4648c396b338adc19a5bb742191c145b178ebf09053be5c5527ba4e353f
-
Filesize
197KB
MD5dcb1f2e069d24b205372dd1cba0150f4
SHA117bc2e3dfb67ad30e37426120d60105a2521f2d1
SHA25644f247c6ab2466c7b73e412b742dfaf25794a1ffcccb130f6295c60ba06d81de
SHA5126c391b3ffd6745267d1324c80f4582d5c646b5454b58c0f565dd222047484d54199371e8e4fb27bf8d25b040a43fa68a0fe7e6a185c394d943ae32aa5ee9b1a2