Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
23/07/2024, 12:47
General
-
Target
2024-07-23_1e2ee3259aa8bfd6429f823ba6b4e786_goldeneye.exe
-
Size
380KB
-
MD5
1e2ee3259aa8bfd6429f823ba6b4e786
-
SHA1
b4f4db469d323a2a66952bee3c0dd6afbacdc809
-
SHA256
27e5de44444f637e46c8d6dfaf1e1afa298cde345693fdf83f0f338ce59d30bc
-
SHA512
961874e1fb5987a06c001a86d19861af19a9ce6d6a375fd2fcc896b6eab0f2647d314612741dbd5fc02a54b8980d36e832277e76bc22d7d91b7c5c4f99841854
-
SSDEEP
3072:mEGh0o+ZlPOiDOe2MUVg3bHrH/HqOYGb+4QnZZIne+rcC4F0fJGRIS8Rfd7eQEct:mEGMl7Oe2MUVg3v2IneKcAEcARy
Malware Config
Signatures
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 24 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-07-23_1e2ee3259aa8bfd6429f823ba6b4e786_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-07-23_1e2ee3259aa8bfd6429f823ba6b4e786_goldeneye.exe"1⤵
- Boot or Logon Autostart Execution: Active Setup
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B9BFF27F-DF82-4872-A648-CCA6FC0B8651}.exeC:\Windows\{B9BFF27F-DF82-4872-A648-CCA6FC0B8651}.exe2⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{1C02C522-85D8-4bbb-8810-D4B460BFBDCF}.exeC:\Windows\{1C02C522-85D8-4bbb-8810-D4B460BFBDCF}.exe3⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{EDBE9414-E4CF-4b7a-A46A-50051C8C4457}.exeC:\Windows\{EDBE9414-E4CF-4b7a-A46A-50051C8C4457}.exe4⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{FA993460-3015-4849-80E0-A89E6640B83A}.exeC:\Windows\{FA993460-3015-4849-80E0-A89E6640B83A}.exe5⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DDE1F0E7-A486-46fd-AA96-4FEE8835DCDE}.exeC:\Windows\{DDE1F0E7-A486-46fd-AA96-4FEE8835DCDE}.exe6⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E575F599-878C-4689-884E-FEC2A41831D7}.exeC:\Windows\{E575F599-878C-4689-884E-FEC2A41831D7}.exe7⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{6821C858-CB14-4b07-B492-037F33097F94}.exeC:\Windows\{6821C858-CB14-4b07-B492-037F33097F94}.exe8⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{E4DEC905-07BC-4cb1-86BB-60C0490CECCF}.exeC:\Windows\{E4DEC905-07BC-4cb1-86BB-60C0490CECCF}.exe9⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{4C698CB7-355C-4103-ACCD-3C864C9F2134}.exeC:\Windows\{4C698CB7-355C-4103-ACCD-3C864C9F2134}.exe10⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{533BBBAD-6840-4dd2-8D33-5F482961A3D3}.exeC:\Windows\{533BBBAD-6840-4dd2-8D33-5F482961A3D3}.exe11⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{BD9A04FD-DE00-4ee8-B92A-352A86FFC829}.exeC:\Windows\{BD9A04FD-DE00-4ee8-B92A-352A86FFC829}.exe12⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{6850A0E5-6832-475b-AD95-FEA89BA0A753}.exeC:\Windows\{6850A0E5-6832-475b-AD95-FEA89BA0A753}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{BD9A0~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{533BB~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{4C698~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E4DEC~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{6821C~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{E575F~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DDE1F~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{FA993~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{EDBE9~1.EXE > nul5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{1C02C~1.EXE > nul4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B9BFF~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
380KB
MD574f8efdcb5cdbe7a60ba8dbf2a3ef259
SHA1a0abd60ec49ebfd6ebc319a063dfa36799325652
SHA2568c08abc8907a0080eb34660cf7d9f8cf6a931ddd2a574aa072a59be74a451eb6
SHA512e52c3d0c05397dd4f9da02d4e3643f474bcf437f067830ba1c04e57046ae468fbd795152baf8ad5402f795b31c0116498cdf3c20bc6c9f61d928bcdbaf49a76d
-
Filesize
380KB
MD50e336fc0327a1ba6c1b83aa72a2fca4e
SHA12fa2f690c575477324b2b24d96308ba0a9935c26
SHA256eabfe11eef0b36932bf76cbaaa9306b072dcddcd16dbc60bdcda6273a972d3c1
SHA512eb3500f4fa5cf74f0564934ac2b16637412fa1d6b37cf6dc4073bffea06cdac113d590ece56baf87fdf09afe69fadf266b132c467376e6caa16dc48542ba189e
-
Filesize
380KB
MD52dd62668e352e78ff32a8daa895aa92d
SHA1c17d2418b4630c43eb87c24895588811c38e4ba0
SHA256778ba172fda6fcbb7e7bd6e43a82c12185e5566d046f728ad797ca074f01c6eb
SHA512c593e02278ba2ab5f1b9d51571a0fd41a483b4d2bfd9d97cff18b57d280433db6f2c5aa1cfdfc9eaf58d84377f51baf92731a0c7a6ab89e4966c7f194b136539
-
Filesize
380KB
MD5c704d1c6b29170a916e07b4ce73a72f5
SHA158d2cdf4bb3e3ff25b96ee8325fc162b80a7d9f4
SHA2564677c102fb62deea166be7c00d0c86faa95e84899caf12d6034c10fe125c7d0e
SHA5123f2531127b3a4c2a7151dcd08586a86d7f1d2f20ba3b7e43724ac7120e42cb34e63da021855dbc9aedb3dc02c4f602c2dd3a2c38751a4945e2026bde7a2512d0
-
Filesize
380KB
MD5aedddabd5b61b8ff61bda77eb913a584
SHA1a4a6d2668679eaeb3d9d7b2d07212ec4475f4758
SHA25676eb92bff46dda4b575c6e9abe4c75cc90c04ce856d2e1e2858a4fdaba3295fb
SHA5121ebd317f46b7813608058812acb09e6bb0c9aa1aaf1a6dc52974b493bf490b01c322bb6ceb92e177f6969a64aba16f3aabd5b84d5f2baf5cf2b71f00f51e10bd
-
Filesize
380KB
MD513849d65a92af43bd7feefe4ad9bc9a2
SHA14fc4af884d77ceeeb08cb2767fe03324534e56e0
SHA2564bdcb5a2a6ce4ca0a4312949020fad0d136c468e4d37e0bcf7a326c57e10b00a
SHA512da4208855953c2dcd84458c9ac95d96194828ae69789218843854153e8c4c205ddeb25bb820de5fc1a69f21caf04e6d2c0b50077d9ba0f59760e324def003660
-
Filesize
380KB
MD57145dbbdacc2625288f757e8804fd508
SHA1f5020fe1b4e01bba51e66e3b88c504c257ae3bfe
SHA256354ad3bc5d2caef5b26ef405c2bed9395bdfda791b3f26714b9f12fee04540a6
SHA512860dc20012a078413e32ea3f7b7c79e78efe95429b3a667afdd5eb5fea034f99b28ea9ce474c99bc75e9eecc32ad721ff6cb2f1d2b996c2ddf7dab4379f81b65
-
Filesize
380KB
MD5718a36e54a7c0a158843d44ac2961a1e
SHA1cbf0dafa10a73a861abaa395b14b3b9c4576a45a
SHA256580ed8a17aa1a920cddb6f903554762b6808b965b9f0cdf06e4f66e395320320
SHA512be7007fa518a2a9dce7c37828db7fe565667040d2e7416287696faa8c272ff77a44dcc8759961f9abc036af1dc0ad36b25c0c7aebbca6e3a66c09958d1aa8b12
-
Filesize
380KB
MD51d3070e88812642f3c2c350b17947361
SHA1c3e549f42613e7fd5c1e512d19f082fa788eafc5
SHA256a8a8fae5a67ded326e5e981d552c73ebbdd1c3a3d24f12678cf1237e0ab68f4f
SHA512c91e37a1728c109fbe8cdf55c1c4728c0954d72cd92fc8d4147b19922bb12448bd16bab6bce8e031b4031e0ae5a5a9204de9c734f0dde3d369461211ee273351
-
Filesize
380KB
MD533c5d3acf992e203a9a323fd0fbdd61d
SHA19e521fb831e8c6111e06d85187c3ea9bc827a875
SHA256f8d520bc6d6ebfc9ed18185681bea9e2737dd6cdbfe799ad868113b31646418c
SHA51255050751a13458d937d279c6628c546052a3b1832cce0e48eb6767956015a8ced666967be1fd440d048bf936d2546b7e4948cdbc9ad79dcf71d81ed0e9009ea5
-
Filesize
380KB
MD5b8ba36f3313b38e503f37910b3ee733d
SHA1db56ade1832379e050aa2784649e364f349a45a7
SHA2562553ac65b981ce7b5a37bf4072501125621b68b8a23d2a146d0d527c75747a2d
SHA5124ec30686eba238b3e3635067c28cd8a886a43f136e584990cbf33592593342fb9bf38989f9bd0a9e967e35f88c72942fd07406850b721e6f00144d92f2340be5
-
Filesize
380KB
MD54f5f2dc2a435d7c2f6a7b77919ea096a
SHA15e3d2ef2dcecc755b1ca16cc7984b93a205d65c0
SHA256b5051d2d34da7606f1ccf90e9a3f10a04fc39250836bcffced161c7edd6862af
SHA512a375d7f83349977f060834fd86e6639475d6f74de8434a2af656ec393dd840bbb908eb3363f3ccd36de322228ce66863822aad9841314af2dc61204abfa08132