Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

2024-01-11...ye.exe

windows7-x64

8

2024-01-11...ye.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    62s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/01/2024, 06:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-01-11_7865d41c4b524454773eafecbf07bc45_goldeneye.exe

  • Size

    408KB

  • MD5

    7865d41c4b524454773eafecbf07bc45

  • SHA1

    4105ddbb317ee2c5ecac583185df3fe17e47f41c

  • SHA256

    ad0bd98641fbf53bdf6680bccad43973f58133439457c06d20287c49988664b5

  • SHA512

    0d21c304ea511f5865be664713ce8fc74b78f41266a4448d793041fc73f66f5e0dc89871fb3b793552c79d825cbc6131ff5ea03f81b6ac421622fde177e49191

  • SSDEEP

    3072:CEGh0o1l3OiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBf3:CEG/ldOe2MUVg3vTeKcAEciTBqr3jy

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 10 IoCs
    persistence
  • Executes dropped EXE 5 IoCs
  • Drops file in Windows directory 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 30 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-01-11_7865d41c4b524454773eafecbf07bc45_goldeneye.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-01-11_7865d41c4b524454773eafecbf07bc45_goldeneye.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3784
    • C:\Windows\{7A86FFF9-121E-4ae5-8EA8-66AF25039E5A}.exe
      C:\Windows\{7A86FFF9-121E-4ae5-8EA8-66AF25039E5A}.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1496
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c del C:\Windows\{7A86F~1.EXE > nul
        3⤵
          PID:1820
        • C:\Windows\{7B918265-BC5F-49d6-859B-64D4EF962B31}.exe
          C:\Windows\{7B918265-BC5F-49d6-859B-64D4EF962B31}.exe
          3⤵
          • Modifies Installed Components in the registry
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:4936
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c del C:\Windows\{7B918~1.EXE > nul
            4⤵
              PID:404
            • C:\Windows\{427D85F2-CF49-4c2f-B05F-20FC48A8BC6E}.exe
              C:\Windows\{427D85F2-CF49-4c2f-B05F-20FC48A8BC6E}.exe
              4⤵
              • Modifies Installed Components in the registry
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:3604
              • C:\Windows\SysWOW64\cmd.exe
                C:\Windows\system32\cmd.exe /c del C:\Windows\{427D8~1.EXE > nul
                5⤵
                  PID:544
                • C:\Windows\{062ECE3B-395B-472a-903B-E3BC765432DF}.exe
                  C:\Windows\{062ECE3B-395B-472a-903B-E3BC765432DF}.exe
                  5⤵
                  • Modifies Installed Components in the registry
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of WriteProcessMemory
                  PID:2952
                  • C:\Windows\SysWOW64\cmd.exe
                    C:\Windows\system32\cmd.exe /c del C:\Windows\{062EC~1.EXE > nul
                    6⤵
                      PID:4612
                    • C:\Windows\{E84CA04D-5DB9-45be-AE0F-CDD64FDAADAC}.exe
                      C:\Windows\{E84CA04D-5DB9-45be-AE0F-CDD64FDAADAC}.exe
                      6⤵
                      • Executes dropped EXE
                      PID:1540
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /c del C:\Windows\{E84CA~1.EXE > nul
                        7⤵
                          PID:456
                        • C:\Windows\{585EA477-2702-4ec8-8CCB-C73AEFE78910}.exe
                          C:\Windows\{585EA477-2702-4ec8-8CCB-C73AEFE78910}.exe
                          7⤵
                            PID:3056
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c del C:\Windows\{585EA~1.EXE > nul
                              8⤵
                                PID:968
                              • C:\Windows\{3722C96F-1A79-4a06-901B-03936F5605D8}.exe
                                C:\Windows\{3722C96F-1A79-4a06-901B-03936F5605D8}.exe
                                8⤵
                                  PID:3024
                                  • C:\Windows\SysWOW64\cmd.exe
                                    C:\Windows\system32\cmd.exe /c del C:\Windows\{3722C~1.EXE > nul
                                    9⤵
                                      PID:4332
                                    • C:\Windows\{B686343E-08D6-42b8-9AFB-5B0D2643F923}.exe
                                      C:\Windows\{B686343E-08D6-42b8-9AFB-5B0D2643F923}.exe
                                      9⤵
                                        PID:8
                                        • C:\Windows\SysWOW64\cmd.exe
                                          C:\Windows\system32\cmd.exe /c del C:\Windows\{B6863~1.EXE > nul
                                          10⤵
                                            PID:64
                                          • C:\Windows\{8588C0E3-8CC5-4408-865C-F8823AD4C8D6}.exe
                                            C:\Windows\{8588C0E3-8CC5-4408-865C-F8823AD4C8D6}.exe
                                            10⤵
                                              PID:3004
                                              • C:\Windows\SysWOW64\cmd.exe
                                                C:\Windows\system32\cmd.exe /c del C:\Windows\{8588C~1.EXE > nul
                                                11⤵
                                                  PID:3208
                                                • C:\Windows\{90730AA7-2C3D-466d-8E44-D4BF8C851720}.exe
                                                  C:\Windows\{90730AA7-2C3D-466d-8E44-D4BF8C851720}.exe
                                                  11⤵
                                                    PID:4724
                                                    • C:\Windows\SysWOW64\cmd.exe
                                                      C:\Windows\system32\cmd.exe /c del C:\Windows\{90730~1.EXE > nul
                                                      12⤵
                                                        PID:3324
                                                      • C:\Windows\{3A830CBE-5110-4a14-BB5E-5133B1167186}.exe
                                                        C:\Windows\{3A830CBE-5110-4a14-BB5E-5133B1167186}.exe
                                                        12⤵
                                                          PID:556
                                    • C:\Windows\SysWOW64\cmd.exe
                                      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul
                                      2⤵
                                        PID:1636

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads