Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

2024-01-10...ye.exe

windows7-x64

1

2024-01-10...ye.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    156s
  • max time network
    171s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/01/2024, 05:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-10_d65f8aedabb238830d9346d47c998610_goldeneye.exe

  • Size

    168KB

  • MD5

    d65f8aedabb238830d9346d47c998610

  • SHA1

    4b685e7b06cc4a81a602e76769594edbfbd39b47

  • SHA256

    84292dd6b2d98d8e76823995985ddeec50aa31615988415b1fc6ca93b7bca891

  • SHA512

    1d06793c93e3a7f78b852473b5d274556f7c73df7250cb817f2a276e1b43c659180f7a556d3ac3754644cb8ca284e4eb3d98080d5967f7913a9035f87987cc5f

  • SSDEEP

    1536:1EGh0oQlq5IRVhNJ5Qef7BudMeNzVg3Ve+rrS2:1EGh0oQlqOPOe2MUVg3Ve+rX

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 20 IoCs
    persistence
  • Executes dropped EXE 10 IoCs
  • Drops file in Windows directory 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of WriteProcessMemory 60 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-10_d65f8aedabb238830d9346d47c998610_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-10_d65f8aedabb238830d9346d47c998610_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3192
    • C:\Windows\{A5959EF2-38AD-4bd7-A3D3-CBD890B2A23C}.exe
      C:\Windows\{A5959EF2-38AD-4bd7-A3D3-CBD890B2A23C}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3340
      • C:\Windows\{9D9387EB-2A6F-415f-A3C4-093F844003A7}.exe
        C:\Windows\{9D9387EB-2A6F-415f-A3C4-093F844003A7}.exe
        3⤵
        • Modifies Installed Components in the registry
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4848
        • C:\Windows\{EE30E356-D4D8-4fb7-89EB-8F50533E3220}.exe
          C:\Windows\{EE30E356-D4D8-4fb7-89EB-8F50533E3220}.exe
          4⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:3924
          • C:\Windows\{BE437E9D-AECE-4b19-AD5D-DF6BA36A7507}.exe
            C:\Windows\{BE437E9D-AECE-4b19-AD5D-DF6BA36A7507}.exe
            5⤵
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:1608
            • C:\Windows\{C076CD5E-19BA-406d-A9B7-E0270E535E9F}.exe
              C:\Windows\{C076CD5E-19BA-406d-A9B7-E0270E535E9F}.exe
              6⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:1232
              • C:\Windows\{897CECA3-106C-49e7-AD6D-317B800E4428}.exe
                C:\Windows\{897CECA3-106C-49e7-AD6D-317B800E4428}.exe
                7⤵
                • Modifies Installed Components in the registry
                • Executes dropped EXE
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of WriteProcessMemory
                PID:4484
                • C:\Windows\{3A9A479D-FBD0-44ff-BBA7-27952ED20C24}.exe
                  C:\Windows\{3A9A479D-FBD0-44ff-BBA7-27952ED20C24}.exe
                  8⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2308
                  • C:\Windows\{25AD5C8A-2F44-4c7a-8CE4-D8168D51B8D7}.exe
                    C:\Windows\{25AD5C8A-2F44-4c7a-8CE4-D8168D51B8D7}.exe
                    9⤵
                    • Modifies Installed Components in the registry
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of WriteProcessMemory
                    PID:4972
                    • C:\Windows\{EE760519-F147-4e53-BD20-F2CAFEF98DAB}.exe
                      C:\Windows\{EE760519-F147-4e53-BD20-F2CAFEF98DAB}.exe
                      10⤵
                      • Modifies Installed Components in the registry
                      • Executes dropped EXE
                      • Drops file in Windows directory
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:436
                      • C:\Windows\{A3B80239-A9E6-4a03-B8EF-0D13628290DA}.exe
                        C:\Windows\{A3B80239-A9E6-4a03-B8EF-0D13628290DA}.exe
                        11⤵
                        • Executes dropped EXE
                        PID:4192
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c del C:\Windows\{EE760~1.EXE > nul
                        11⤵
                          PID:4844
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c del C:\Windows\{25AD5~1.EXE > nul
                        10⤵
                          PID:2408
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c del C:\Windows\{3A9A4~1.EXE > nul
                        9⤵
                          PID:952
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c del C:\Windows\{897CE~1.EXE > nul
                        8⤵
                          PID:4768
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c del C:\Windows\{C076C~1.EXE > nul
                        7⤵
                          PID:2116
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c del C:\Windows\{BE437~1.EXE > nul
                        6⤵
                          PID:2004
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c del C:\Windows\{EE30E~1.EXE > nul
                        5⤵
                          PID:1948
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c del C:\Windows\{9D938~1.EXE > nul
                        4⤵
                          PID:1524
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c del C:\Windows\{A5959~1.EXE > nul
                        3⤵
                          PID:1840
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                        2⤵
                          PID:3200

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Windows\{25AD5C8A-2F44-4c7a-8CE4-D8168D51B8D7}.exe
                        Filesize

                        168KB

                        MD5

                        da3f04663a04a8af02fa7cc3990827a5

                        SHA1

                        0f774fcecfe7d51704f7f6b37fdf2bb30e06e830

                        SHA256

                        1198067c25c21091afbc64828a7f75a3d915eb54f4b1a035b3182823e4a81554

                        SHA512

                        5c5fc02119075fc25df5122d773675d4313b54424ae3d5ab9934a61cbc0003d3fa5bbf46acff043817dcd93231a48f583da3b639f83c3c60f653cac8101e1839

                        Download Submit

                      • C:\Windows\{3A9A479D-FBD0-44ff-BBA7-27952ED20C24}.exe
                        Filesize

                        168KB

                        MD5

                        ca07845d5c6550a005e1c72787d3cab5

                        SHA1

                        0025be5798ebec8dc2523258c0819afb7f16c8fb

                        SHA256

                        22bd77445661180e71dde52a5664946b906e0d18c4c9deac8c5b0348b3dc324e

                        SHA512

                        3630446540ac557d8b296ef12c3e3c7ee3ec4fb6183590c2a7164271a5ba15df44cd239e2aa7a8c9620183a031520922430ae9f872255c297f5750a8a2eba871

                        Download Submit

                      • C:\Windows\{897CECA3-106C-49e7-AD6D-317B800E4428}.exe
                        Filesize

                        168KB

                        MD5

                        93f7f32ef3a0dabe4183ea7f1f82a771

                        SHA1

                        eba915f20d5cbf4bcf4a676a1754785b9e58e28f

                        SHA256

                        04f46a31ccf255b20aa71a3e8e956929d1463a64f63d749188c8e978d01dbeec

                        SHA512

                        c860414e2f163f3bbd55a02d8d1fceec9ce4c6a50066cc95ccf95e4599ca69c9aeaf4431e1a08371b7084bbe065aa63c9e695f457d2d136e10a1c59752737ec6

                        Download Submit

                      • C:\Windows\{9D9387EB-2A6F-415f-A3C4-093F844003A7}.exe
                        Filesize

                        168KB

                        MD5

                        86a671b279a745432ab944eb8cdcb191

                        SHA1

                        f989cc335d8e45559b83789f83d9eaecc99f1f42

                        SHA256

                        2734358a4fefbde14eba3349c6d4317ea7103a9ba1da32ea130628393fad7dbd

                        SHA512

                        8ae6bb887576a2e01777d77f335a3ba326c7a6eb746cf2c434bc1d5a2ed34bcf96cb316c23193fc249826e4121cd55d7590dd2c5fdd8144f5780e00bbd6579dc

                        Download Submit

                      • C:\Windows\{A3B80239-A9E6-4a03-B8EF-0D13628290DA}.exe
                        Filesize

                        168KB

                        MD5

                        1a8f7acec261cd44fe537c5ba898b8b6

                        SHA1

                        12f43c98926c182dc4f790ed40dcc8ccae8abd89

                        SHA256

                        e3dd0c535997c9af4cd4a9ddecda2de15000d7051fe8032698bf7363cf9c0757

                        SHA512

                        a630d8c8a586d0d28ed93d9eab84ab58b81366bd807b43615de6a8e8633889bc3808137a44f08c78160b4effefd5ef9852e0f1d6ae0174c10ab7152fcbd420b7

                        Download Submit

                      • C:\Windows\{A5959EF2-38AD-4bd7-A3D3-CBD890B2A23C}.exe
                        Filesize

                        168KB

                        MD5

                        9989893d78a47c7a02da947167d87e61

                        SHA1

                        52d08e47dab8409941d839bfff5a322afbc38aba

                        SHA256

                        af558ed72cf7d78ab672e0b84d0049a9515173e210b4f329981f8499fa5dd5d9

                        SHA512

                        979fa2db06340dd9befe5b5ff3ba31b7a27c34bec629df336b739f1c407af1a039afe03ddb0eba2136d846eb73d5292ffe6795ee4b5b813c2b548923ba3a90fc

                        Download Submit

                      • C:\Windows\{BE437E9D-AECE-4b19-AD5D-DF6BA36A7507}.exe
                        Filesize

                        168KB

                        MD5

                        4444f55bcc54a2777b1fbabcaa49591c

                        SHA1

                        338da27db1f9d56ee5c723df4904ade3a66eb090

                        SHA256

                        c9bd68825fa6e9daf23ec48d0d35b91d317aece0f66392d23ba593fe02b222a4

                        SHA512

                        e62b394c4b4994844450a06e3521a128faf57ddd124bcc10ef4d100e04ab6b1b147c555bbf1b6258d2d10378964409bd1f6f3367951763e7cef00a3b3ae59f4f

                        Download Submit

                      • C:\Windows\{C076CD5E-19BA-406d-A9B7-E0270E535E9F}.exe
                        Filesize

                        168KB

                        MD5

                        65f4a90aadb09015fc6374eb5852af45

                        SHA1

                        6ae2ca3402c1509090639df86c5c225f18c349f7

                        SHA256

                        930240826d0ee8a7cb8c6eb0a0427480223001654ba8d6a2cf5ac110ba74fa37

                        SHA512

                        2fc7cbc2faaab6d83a44c56fd2beca1516f25671f0b70125ff6f89a6bda3af98ad58a7bb626d9cec06d45ea5b890e645d789c33112e67b714483848088380307

                        Download Submit

                      • C:\Windows\{EE30E356-D4D8-4fb7-89EB-8F50533E3220}.exe
                        Filesize

                        168KB

                        MD5

                        a29fd9a4c96fa09cf1d24d53448dce0e

                        SHA1

                        dc1a2fb65edfd2868d3c8cb4d61611f5c5909b48

                        SHA256

                        5d61e5462b8c9341c0752328fa9507c25980d98a4f458cab17e7558aa1963002

                        SHA512

                        9dfcc9dec45a54f8b121d760496448d1cd686bad427c33c43b5fd196b28a251019f730c4f96c0815813447072295edf6ba0837b40ac2f08e027409023a0d309a

                        Download Submit

                      • C:\Windows\{EE760519-F147-4e53-BD20-F2CAFEF98DAB}.exe
                        Filesize

                        168KB

                        MD5

                        a839732dac9ee1037e1ccdf99a3b431e

                        SHA1

                        1e1e90550ac71d611d91c2b4044faa5fa5265015

                        SHA256

                        b85a6a384f31a5df6a067b3b0d8778cde6eef477f2fa8be9fd85b5fd21e97fb8

                        SHA512

                        4492f5f9ce21bcf39c1690143070cd92eddf20f5580f7b361838dc16e01a808c569d68eb453f976e35ce75e1956e69624efe806485456638c829d4a317d9e5d2

                        Download Submit