Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

2023-08-26...JC.exe

windows7-x64

8

2023-08-26...JC.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    211s
  • max time network
    224s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2023, 01:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2023-08-26_4a1948e3c8ae3826f3ef36f7d4afb07b_goldeneye_JC.exe

  • Size

    204KB

  • MD5

    4a1948e3c8ae3826f3ef36f7d4afb07b

  • SHA1

    3a9e15be7c536a899403e0e46165aabe0ca34fa3

  • SHA256

    e77b268b9b1255d0eacc07b7e9760b9ad3c9a4802127e9fcf5bed640399a318c

  • SHA512

    29511d3fa5ad1982911eb7e36aeb8c652efed2cc1dbb3f7417df8893653bc75e842ffe3f495cac92264e9b4e1a16e5b490eacc81726b1e1a7dae2fa498b8cac2

  • SSDEEP

    1536:1EGh0o1l15IRVhNJ5Qef7BudMeNzVg3Ve+rrS2GunMxVS3Hgdo:1EGh0o1l1OPOe2MUVg3Ve+rXfMUy

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 10 IoCs
    persistence
  • Executes dropped EXE 5 IoCs
  • Drops file in Windows directory 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 30 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2023-08-26_4a1948e3c8ae3826f3ef36f7d4afb07b_goldeneye_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\2023-08-26_4a1948e3c8ae3826f3ef36f7d4afb07b_goldeneye_JC.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1584
    • C:\Windows\{45985300-4201-4454-9BC8-244740619292}.exe
      C:\Windows\{45985300-4201-4454-9BC8-244740619292}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:5004
      • C:\Windows\{94618E9B-982A-4c3f-8F53-86C2D455E518}.exe
        C:\Windows\{94618E9B-982A-4c3f-8F53-86C2D455E518}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4944
        • C:\Windows\{79459B21-42F3-4229-A061-8DFD78B6DCB9}.exe
          C:\Windows\{79459B21-42F3-4229-A061-8DFD78B6DCB9}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:1040
          • C:\Windows\{660D45EE-D7C6-4196-991F-0B3948BF6F07}.exe
            C:\Windows\{660D45EE-D7C6-4196-991F-0B3948BF6F07}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:4552
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c del C:\Windows\{660D4~1.EXE > nul
              6⤵
                PID:2900
              • C:\Windows\{F4715858-B09D-4291-912B-77520AA7C901}.exe
                C:\Windows\{F4715858-B09D-4291-912B-77520AA7C901}.exe
                6⤵
                • Executes dropped EXE
                PID:1768
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c del C:\Windows\{79459~1.EXE > nul
              5⤵
                PID:3416
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c del C:\Windows\{94618~1.EXE > nul
              4⤵
                PID:1924
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c del C:\Windows\{45985~1.EXE > nul
              3⤵
                PID:3352
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2023-0~1.EXE > nul
              2⤵
                PID:4720

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Windows\{45985300-4201-4454-9BC8-244740619292}.exe
              Filesize

              204KB

              MD5

              30925ed1aa34b05589f70b7c67477313

              SHA1

              8fe591d911de1657ca31b1fda456c2d6da141901

              SHA256

              711bebbf74ee5a5a16b2cb148ffc18a912643e76bd1b147127f31d02c81aa228

              SHA512

              5e02f72b83b1955192863cac38c9f4bb72ab62627b4f36424390455314323751b9ae5c48ed09955f5a3eace4fbaecf8a35d2948702fdebba903c0b34dd30b3aa

              Download Submit

            • C:\Windows\{45985300-4201-4454-9BC8-244740619292}.exe
              Filesize

              204KB

              MD5

              30925ed1aa34b05589f70b7c67477313

              SHA1

              8fe591d911de1657ca31b1fda456c2d6da141901

              SHA256

              711bebbf74ee5a5a16b2cb148ffc18a912643e76bd1b147127f31d02c81aa228

              SHA512

              5e02f72b83b1955192863cac38c9f4bb72ab62627b4f36424390455314323751b9ae5c48ed09955f5a3eace4fbaecf8a35d2948702fdebba903c0b34dd30b3aa

              Download Submit

            • C:\Windows\{660D45EE-D7C6-4196-991F-0B3948BF6F07}.exe
              Filesize

              204KB

              MD5

              40d3a52a7decaa00c5048296654383a3

              SHA1

              a81fa7acfac33838adc75ab5fa92659aa041ce73

              SHA256

              55e32bc54f13fd155e1b825d552f8db8325e0ace45848afd03f12e3a380aa9a9

              SHA512

              f39cd4a231f3474fdceed84868ebe3a241efa74ab9ab3cda21bc6de679f95e76c73ab6daa9b0b67866b1d1910814b889ee78f94992edc4b520a4f5a251b42e18

              Download Submit

            • C:\Windows\{660D45EE-D7C6-4196-991F-0B3948BF6F07}.exe
              Filesize

              204KB

              MD5

              40d3a52a7decaa00c5048296654383a3

              SHA1

              a81fa7acfac33838adc75ab5fa92659aa041ce73

              SHA256

              55e32bc54f13fd155e1b825d552f8db8325e0ace45848afd03f12e3a380aa9a9

              SHA512

              f39cd4a231f3474fdceed84868ebe3a241efa74ab9ab3cda21bc6de679f95e76c73ab6daa9b0b67866b1d1910814b889ee78f94992edc4b520a4f5a251b42e18

              Download Submit

            • C:\Windows\{79459B21-42F3-4229-A061-8DFD78B6DCB9}.exe
              Filesize

              204KB

              MD5

              0a849a401fe6b00e3ea0091205195a63

              SHA1

              ebffc9495d54d5844946983b679ec1fc106730b6

              SHA256

              2b2c120867ee3ecdaa28189dcac725cbc6bb13c83d28ab18a6aabba5f7621b7c

              SHA512

              04c24bd41fc0960637749c10dd7bd750b26ae60b1f8974b7875d0ac89d5a7336f7e12505ccd23ef1eb05748a80e75773e0f52e9f1aa85c3f2aa2d0009022398b

              Download Submit

            • C:\Windows\{79459B21-42F3-4229-A061-8DFD78B6DCB9}.exe
              Filesize

              204KB

              MD5

              0a849a401fe6b00e3ea0091205195a63

              SHA1

              ebffc9495d54d5844946983b679ec1fc106730b6

              SHA256

              2b2c120867ee3ecdaa28189dcac725cbc6bb13c83d28ab18a6aabba5f7621b7c

              SHA512

              04c24bd41fc0960637749c10dd7bd750b26ae60b1f8974b7875d0ac89d5a7336f7e12505ccd23ef1eb05748a80e75773e0f52e9f1aa85c3f2aa2d0009022398b

              Download Submit

            • C:\Windows\{79459B21-42F3-4229-A061-8DFD78B6DCB9}.exe
              Filesize

              204KB

              MD5

              0a849a401fe6b00e3ea0091205195a63

              SHA1

              ebffc9495d54d5844946983b679ec1fc106730b6

              SHA256

              2b2c120867ee3ecdaa28189dcac725cbc6bb13c83d28ab18a6aabba5f7621b7c

              SHA512

              04c24bd41fc0960637749c10dd7bd750b26ae60b1f8974b7875d0ac89d5a7336f7e12505ccd23ef1eb05748a80e75773e0f52e9f1aa85c3f2aa2d0009022398b

              Download Submit

            • C:\Windows\{94618E9B-982A-4c3f-8F53-86C2D455E518}.exe
              Filesize

              204KB

              MD5

              c1af92df9dc53162ec7b736c5c784617

              SHA1

              1d3b8246dd7a4bf319976dfa76eaaa139dfc2a35

              SHA256

              54a8e077259631f14abeb7ab2dcc35f298e41d3149c95d872c676e3d05403ab9

              SHA512

              5c59f58cc25e17dd17e9f408c82e1dd7e05e7ca74a7b6a93929ec3941b4070fef42c19797c071277a2c6c0f1ecb3bfa3f6744abc5b79daf3fec35cb84e40200a

              Download Submit

            • C:\Windows\{94618E9B-982A-4c3f-8F53-86C2D455E518}.exe
              Filesize

              204KB

              MD5

              c1af92df9dc53162ec7b736c5c784617

              SHA1

              1d3b8246dd7a4bf319976dfa76eaaa139dfc2a35

              SHA256

              54a8e077259631f14abeb7ab2dcc35f298e41d3149c95d872c676e3d05403ab9

              SHA512

              5c59f58cc25e17dd17e9f408c82e1dd7e05e7ca74a7b6a93929ec3941b4070fef42c19797c071277a2c6c0f1ecb3bfa3f6744abc5b79daf3fec35cb84e40200a

              Download Submit

            • C:\Windows\{F4715858-B09D-4291-912B-77520AA7C901}.exe
              Filesize

              204KB

              MD5

              49a1707a2f727b0bfd61dcab5ea667b8

              SHA1

              117ba2dc570ace8d7b174dea5640d721764e22dc

              SHA256

              5282a7a9fa0053708e9171bd0ae1f65d2d6cd86c2352d4d0ac8cf749f8139141

              SHA512

              f1b1f1998ca03a370c6b3de7a9ff33a1b813830e3550053c9a3ca60dce900ae89eaa2f27127c08b25f360fd7788c7a100242d753b59401d67e7936769f611927

              Download Submit

            • C:\Windows\{F4715858-B09D-4291-912B-77520AA7C901}.exe
              Filesize

              204KB

              MD5

              49a1707a2f727b0bfd61dcab5ea667b8

              SHA1

              117ba2dc570ace8d7b174dea5640d721764e22dc

              SHA256

              5282a7a9fa0053708e9171bd0ae1f65d2d6cd86c2352d4d0ac8cf749f8139141

              SHA512

              f1b1f1998ca03a370c6b3de7a9ff33a1b813830e3550053c9a3ca60dce900ae89eaa2f27127c08b25f360fd7788c7a100242d753b59401d67e7936769f611927

              Download Submit